Grants¶
In the Grants section of Bifrost, administrators can easily track which use cases are assigned to specific roles and users. This level of visibility allows for precise management of user permissions.
To assign a particular use case to multiple roles, create a grant. When administrators create a grant, they define the access policies that govern user interactions with specific resources. Once a grant is created in the Grant section, it can be leveraged as a reusable template for similar access scenarios and employed repeatedly without recreating the entire configuration.
How to create Policy Use-Case Grant?¶
While it's straightforward to assign use-cases to individual users via the Bifrost UI, there's a rare chance that you may be required to assign a particular use-case to multiple users across different teams, you can accomplish this by following the steps outlined below.
- On Bifrost UI, goto the Grants tab, where you can view all the grants (use-cases assigned to users). Click on Create Grant.
- In the create grant dialog box, define a grant manifest. A sample grant manifest is given
Following are some more sample grant manifest
Sample manifest 1
Description: This use-case authorize actions using a user id assigned to a app-user.
Sample manifest 3
Description: This use-case allows certain subejcts identified by tag to read all topics in pulsar.
policy_use_case_id: read-topics
subjects:
- roles:id:operator
- roles:id:pulsar-admin
- roles:id:system-dev
- users:id:caretaker
- users:id:pulsar-client-admin
- users:id:usage-collector**
- users:id:poros-recorder**
Sample manifest 4
Description: This use-case allows subjects to create and update governance primitives; roles, providers, atoms, use-cases, grants, policies.
policy_use_case_id: create-update-governance-primitives
subjects:
- roles:id:operator
- users:id:dataos-resource-manager
Sample manifest 5
Description: This use-case allows subjects to delete governance-primitives; roles, providers, atoms, use-cases, grants, policies.