Purpose

Expand RBAC DB tables for:

• Simplified permission updates for system-sourced roles
  • Currently we must determine the scope ID of roles to add a new scope_permission record, which is inconsistent because one role can have permissions of multiple different scopes.
• Templating

Steps

1. Add permission_targets table:
   • id
   • role_id
   • entity_type
   • entity_id (nullable)
   • scope_type (nullable)
   • scope_id (nullable)
2. Define ScopePermissionTarget and ObjectPermissionTarget ORM classes
   • ScopePermissionTarget:
     • id
     • role_id
     • entity_type
     • scope_type
     • scope_id
   • ObjectPermissionTarget:
     • id
     • role_id
     • entity_type
     • entity_id
3. Add permissions table:
   • id
   • permission_target_id
   • operation
4. Delete scope_permissions and object_permissions

Summary

{width=476 height=195}

JIRA Issue: BA-2107