Skip to content

REQ-402 Role-Based Access Control (RBAC) for Read/Write Operations #43

Description

@uw-sc

🆔 Requirement Details

  • ID: REQ-402
  • Priority: Must Have
  • Google Doc Link: link

📝 Description

Within a specific organization (tenant), the platform must support granular Role-Based Access Control (RBAC). Administrators must be able to provision users with specific permission sets, including at least:

  1. Read-Only Access: Users who can only view, query, and download/pull content (using native tools like curl, dnf, yum, podman, or docker) from their assigned organization.
  2. Write/Publish Access: Users who are explicitly authorized to upload, push, or publish new content (RPMs and OCI images) to their assigned organization.

🧪 Evaluation / Acceptance Criteria

  • Create a Read-Only-User and a Publisher-User within a single test organization (Org-A).
  • Test Read (RPM): Authenticate as Read-Only-User and successfully install an RPM via dnf/yum or download it via curl.
  • Test Read (OCI): Authenticate as Read-Only-User and successfully pull a container image via podman pull.
  • Test Write Denial: Authenticate as Read-Only-User and verify that attempting to push an image (podman push) or upload an RPM is explicitly rejected (e.g., HTTP 403 Forbidden).
  • Test Write Success: Authenticate as Publisher-User and verify they can successfully push a new OCI image and upload a new RPM to Org-A.

Metadata

Metadata

Assignees

Labels

No labels
No labels

Fields

No fields configured for Feature.

Projects

No projects

Milestone

No milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions