Loading...

XML

Word

Printable

Type: Story
Resolution: Done
Priority: Normal
Fix Version/s: ConsoleDot CY25Q2, Management Fabric M2
Affects Version/s: None
Component/s: None
Labels:

Activity Type:
Product / Portfolio Work
Story Points:
3
Epic Link:
Support Hierarchy under default workspace
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Ready:
False
Acceptance Criteria:
Hide

Assuming a hierarchy of workspaces of Root (1) -> Default (2) -> Standard (3) -> Sub1 (4) | Sub2 (5):

If I create a role in v1 RBAC where I've added the ID from the Standard workspace, (3), which has two descendants (4,5) via a current inventory group permission ("inventory:groups:read", "inventory:groups:write", "inventory:groups:*") as an attribute filter on the "group.id" key, when I query my inventory permissions /access/?application=inventory then I should see IDs for workspaces 3, 4 and 5 in my resourceDefinitions in a flat list, for the corresponding role/permission, where today I'd only see 3.

No other applications or permissions should trigger this logic.
Show
Assuming a hierarchy of workspaces of Root (1) -> Default (2) -> Standard (3) -> Sub1 (4) | Sub2 (5) : If I create a role in v1 RBAC where I've added the ID from the Standard workspace, (3), which has two descendants (4,5) via a current inventory group permission ("inventory:groups:read", "inventory:groups:write", "inventory:groups:*") as an attribute filter on the "group.id" key, when I query my inventory permissions /access/?application=inventory then I should see IDs for workspaces 3, 4 and 5 in my resourceDefinitions in a flat list, for the corresponding role/permission, where today I'd only see 3. No other applications or permissions should trigger this logic.
BZ requires_doc_text:
Unset
Regression:
None
Git Pull Request:
https://github.com/RedHatInsights/insights-rbac/pull/1596
BZ Keywords:
- Unset
Intelligence Requested:
Market:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

In order to support the incremental rollout of workspace CRUD operations in the new workspace UI, we'll need to ensure that when workspaces are created with hierarchy, that any access policies (roles with resource definitions) built off of workspaces will include descendants.

is duplicated by

RHCLOUD-39307 Include sub-workspaces in workspace resource definitions when responding to access requests

Closed

Assignee:: Keith Walsh

Reporter:: Keith Walsh

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Created:: 2025/03/27 7:06 PM

Updated:: 2025/08/14 7:03 PM

Resolved:: 2025/05/19 2:09 PM

Details

Description

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide