RBAC granularity for read only and read write access #24482
Vytenis-Valutkevicius
started this conversation in
General
Replies: 0 comments
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Uh oh!
There was an error while loading. Please reload this page.
-
Hello,
we are using ArgoCD with ApplicationSets and we are facing some RBAC granularity issues.
We have application at root level that deploy the ApplicationSets per team which generate Applications. The problem we are facing is that these root level application belonged to default project and previously users were not able to see them, now they are moved to teams projects and now they have full access to them. Which might not be bad, however we would like them to have limited access (read only) for the root Application and the ApplicationSets, and full access to the Applications generated by ApplicationSets.
Something like this:
One option I thought of was to assign root application to default or "root" project and grant permissions to the specific app per team with read only access and then applicationSets to use teams project that would have read-write access. So just wondering if there would be a better way around it. Would appreciate any insights how to achieve this. 🙇
Beta Was this translation helpful? Give feedback.
All reactions