Replies: 2 comments 1 reply
-
|
@seb-kw Sorry for the ping.. I was wondering if this discussion-tab is the correct for this kind of question or if you guys wanna have issues for this discussions / questions |
Beta Was this translation helpful? Give feedback.
-
|
Hi @knoobie currently we have a simple RBAC system in place. So you can invite users to projects and assign them roles there. Currently there is nothing like user groups in devguard, nevertheless, we are using casbin as rbac backend: https://casbin.org/, it should be pretty straightforward to implement user groups. |
Beta Was this translation helpful? Give feedback.
-
|
Thanks for the reply! Looks possible with casbin. Might be of interest for you, once the user base grows it's pretty hard to keep track of proper role management for hundreds of users. |
Beta Was this translation helpful? Give feedback.
Uh oh!
There was an error while loading. Please reload this page.
-
We are currently evaluating devguard in comparison to tools like dependencytrack and we are looking for a way to get proper role and permission structures. Looking through the docs, I could get a pretty good picture overall here (https://devguard.org/explanations/core-concepts/organization-groups-repos). But I'm still wondering about the following possibilities of devguard (I haven't had the time to start my own instance to check - just searched the docs).
We would like to create one org, e.g. My Corp. Within the org, we have different departments, a security department and different units which are in charge of their products. The security department is allowed to see all products, while each unit is only "allowed" to manage their own project/assets, e.g.:
We would like to:
readall products (we do not want the sec team to create releases etc. - they should only be allowed to read stuff)writeaccess toproduct1admin"role" forproduct1Is this already possible with devguard or on the roadmap?
Beta Was this translation helpful? Give feedback.
All reactions