Skip to content

Advanced RBAC for users and groups #95

Description

@charlie-haley

Discussed in #88

Originally posted by davyto May 9, 2026
Hi, this is a very interesting project, thanks for building and maintaining it! I was wondering if user/group policies are supported right now and how, as I can't find anything in the docs. For example, I would like to add user A to Group A and user B to group B, and allow the two groups to only be able to see a subset of catalogs or perform certain actions.

Introduce advanced RBAC that can bind a user or group to a given set of actions or resources.

Key requirements:

  • Support MQL (Marmot Query Language) to restrict access to resources based on queries.
  • Allow deploying these rules with IaC providers and the UI

Open questions

  • Do we restrict lineage traversal with policies?
  • How do we surface restricted assets in the UI, do we hide them completely or return a visual prompt

Metadata

Metadata

Assignees

No one assigned

    Labels

    enhancementNew feature or request

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions