Review the CRCPLAN parent feature for additional context, including the feature overview, goals, user stories and use cases, acceptance criteria, designs, dependencies, risks, assumptions, pending questions and documentation callouts.

The problem

The Playbook Dispatcher service helps to run remediation plans within Red Hat Insights. This service is tightly coupled with the authorization being granted to run remediation plans as a dependency of the remediations service.

Summary and goal

Introduce the Kessel features and functionality for Playbook Dispatcher to meet their product and customer's needs. The Kessel and Playbook Dispatcher teams will work together to support flexible grouping of assets, enhanced granular role-based access control mechanisms and standard patterns/best practices for implementing these features within their service. 

The teams will:

• Workshop with stakeholders to identify critical use cases
• Document workflows showcasing user actions, asset management and integration of workspaces/ReBAC. 
• Collaborate with development teams to share schemas, documentation and identify potential impacts/dependencies of their service with the new Kessel model. 
• Work with the Playbook Dispatcher team to define a solution where permissions and roles defined for the service build on top of the solution for Remediations
• Define the predefine roles or inherited permissions specific to the integration with remediations.
• Define the access model and how the Playbook Dispatcher and Kessel teams want it to work (chain of access checks v. plan inheritance by nature) 
• Build out proofs of concept to show Kessel and Playbook Dispatcher (service, account, connections) integrations. 
• Assist in planning and coordinating rollouts of the new features with the service team.

Goals

• Playbook Dispatcher has onboarded with the AuthZ model and build out their relations APIs to support the association of external accounts and connections to workspaces and PRBAC v2. 
• Others

Acceptance Criteria 

1. Use Case Definition: Clearly outlined use cases for Playbook Dispatcher, explaining the problems being solved by either the new relational models, asset grouping in workspaces or extensible role bindings between groups, roles, and workspaces.
2. Technical Collaboration: Review and modify any architectural plans based on joint sessions between the Kessel and Playbook Dispatcher to address integration of their service with the workspace model, ReBAC and SpiceDB API.
3. Proof of Concept: Successfully build and test a proof of concept (POC) of Kessel implementation by Playbook Dispatcher to address the use cases previously outlined.
4. Onboarding and Rollout: Launch new functionality with Playbook Dispatcher and monitor the implementation for feedback, issues or performance that will drive future Kessel iterations.

Open Questions

Capture any open questions and resolutions related to the epic goal or acceptance criteria. Add any additional details, questions or decisions that need to be made or addressed. 

Resources: 

• Playbook Dispatcher / Kessel Runbook: AuthZ Early Adopters Runbook - Playbook Dispatcher