Description
We want to provide a visual way to understand and navigate the permission model.
To answer the wo major questions:
- "What profile do I need for a certain task?"
- "What can my team do?"
we want to provide a Greenhouse UI that visualizes Permission Manager Custom Resources.
Related Epics
This Epic is part of a cross-repo initiative to visualize permissions end-to-end:
Resources
The Permission Manager maintains CRDs (Profile, AccessLevel, Tool, ToolInstance, ProfileRequest, OperatorConfig) as the single source of truth for the organization's permission model. These CRDs encode:
- Profiles — Functional Roles (Organizational and Application) that users request, including bundled Access Levels, approvers, request restrictions (Passport Role gates), and expiry policies.
- Access Levels — Atomic permission units describing capabilities on specific application resources, documented via CCRN (Common Cloud Resource Names).
- Tools / ToolInstances — Application connectors that Access Levels target.
The CRDs are not yet published in the open source. This Epic is a placeholder to be refined and used for planning.
User Stories
"Which Profile do I need to do my job?"
As a developer who needs access to a specific resource,
I want to search/browse by resource (tool, region, CCRN) and see which Profiles grant access to it,
So that I know exactly what to request without reading YAML files.
Acceptance Criteria (preliminary):
"I am part of this Team, what can I do?"
As a team member or manager,
I want to select a Team and see the full resolved permission chain down to CCRN resources,
So that I understand exactly what resources and capabilities my team membership grants.
Acceptance Criteria (preliminary):
Dependencies
- Permission Manager CRDs published in the open source
Description
We want to provide a visual way to understand and navigate the permission model.
To answer the wo major questions:
we want to provide a Greenhouse UI that visualizes Permission Manager Custom Resources.
Related Epics
This Epic is part of a cross-repo initiative to visualize permissions end-to-end:
Resources
The Permission Manager maintains CRDs (
Profile,AccessLevel,Tool,ToolInstance,ProfileRequest,OperatorConfig) as the single source of truth for the organization's permission model. These CRDs encode:The CRDs are not yet published in the open source. This Epic is a placeholder to be refined and used for planning.
User Stories
"Which Profile do I need to do my job?"
As a developer who needs access to a specific resource,
I want to search/browse by resource (tool, region, CCRN) and see which Profiles grant access to it,
So that I know exactly what to request without reading YAML files.
Acceptance Criteria (preliminary):
"I am part of this Team, what can I do?"
As a team member or manager,
I want to select a Team and see the full resolved permission chain down to CCRN resources,
So that I understand exactly what resources and capabilities my team membership grants.
Acceptance Criteria (preliminary):
Dependencies