Implement RBAC Entity Repository Pattern (Creator, Granter, Purger) #6417

@fregataa

Overview

Repository pattern for automatically managing RBAC-related records throughout the lifecycle of RBAC entities (vfolder, endpoint, etc.).

Components

1. Creator

Automatically creates required RBAC records when an RBAC entity is created:

  • Main entity Row creation
  • AssociationScopesEntitiesRow creation (entity-scope mapping)
  • EntityFieldRow creation (for field-scoped entities)

2. Granter

Grants permissions on RBAC entities to users:

  • Role creation or reuse of existing Role
  • ObjectPermissionRow creation (role-entity mapping)
  • PermissionGroupRow creation (scope-based permission group)
  • UserRoleRow creation (user-role mapping)

3. Purger

Cleans up related RBAC records when an RBAC entity is deleted:

  • Main entity Row deletion
  • ObjectPermissionRow deletion
  • AssociationScopesEntitiesRow deletion
  • PermissionGroupRow conditional deletion (when no other entities exist and no permissions remain)

Implementation

Location: src/ai/backend/manager/repositories/base/rbac_entity/

  • creator.py - Creator, CreatorSpec, execute_creator()
  • granter.py - Granter, GranterSpec, execute_granter()
  • purger.py - Purger, execute_purger()

JIRA Issue: BA-2839
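
The Purger's cleanup and its conditional PermissionGroupRow rule, as an added example that is not code from the Backend.AI repository. It uses sqlite3 with hypothetical, simplified table and column names (including an assumed `scope_permission` table standing in for the permissions a permission group holds) and constructed sample data.

```python
import sqlite3

# Hypothetical, simplified schema: table and column names are assumptions.
SCHEMA = """
CREATE TABLE entity (id TEXT PRIMARY KEY);
CREATE TABLE association_scopes_entities (scope_id TEXT, entity_id TEXT);
CREATE TABLE object_permission (role_id TEXT, entity_id TEXT, operation TEXT);
CREATE TABLE permission_group (id INTEGER PRIMARY KEY, role_id TEXT, scope_id TEXT);
CREATE TABLE scope_permission (permission_group_id INTEGER, operation TEXT);
"""

def purge_entity(conn, entity_id):
    """Delete an entity and its RBAC rows atomically; return removed permission group ids."""
    removed = []
    with conn:  # one transaction: commit on success, roll back on error
        scopes = [r[0] for r in conn.execute(
            "SELECT DISTINCT scope_id FROM association_scopes_entities WHERE entity_id = ?",
            (entity_id,))]
        conn.execute("DELETE FROM object_permission WHERE entity_id = ?", (entity_id,))
        conn.execute("DELETE FROM association_scopes_entities WHERE entity_id = ?", (entity_id,))
        conn.execute("DELETE FROM entity WHERE id = ?", (entity_id,))
        for scope_id in scopes:
            # Condition 1: the scope must hold no other entities.
            if conn.execute("SELECT 1 FROM association_scopes_entities WHERE scope_id = ?",
                            (scope_id,)).fetchone():
                continue
            # Condition 2: the group must have no permissions remaining.
            empty = conn.execute(
                "SELECT id FROM permission_group g WHERE scope_id = ? AND NOT EXISTS "
                "(SELECT 1 FROM scope_permission p WHERE p.permission_group_id = g.id)",
                (scope_id,)).fetchall()
            for (group_id,) in empty:
                conn.execute("DELETE FROM permission_group WHERE id = ?", (group_id,))
                removed.append(group_id)
    return removed

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    # Constructed sample data: two vfolders in one scope, one endpoint in another.
    conn.executemany("INSERT INTO entity VALUES (?)", [("vf1",), ("vf2",), ("ep1",)])
    conn.executemany("INSERT INTO association_scopes_entities VALUES (?, ?)",
                     [("user:alice", "vf1"), ("user:alice", "vf2"), ("project:p", "ep1")])
    conn.executemany("INSERT INTO object_permission VALUES (?, ?, 'read')",
                     [("r1", "vf1"), ("r1", "vf2"), ("r2", "ep1")])
    conn.executemany("INSERT INTO permission_group VALUES (?, ?, ?)",
                     [(1, "r1", "user:alice"), (2, "r2", "project:p")])
    conn.execute("INSERT INTO scope_permission VALUES (2, 'read')")
    results = [purge_entity(conn, e) for e in ("vf1", "vf2", "ep1")]
    stale = conn.execute("SELECT COUNT(*) FROM object_permission").fetchone()[0]
    groups = [r[0] for r in conn.execute("SELECT id FROM permission_group")]
    return results, stale, groups
```

Running every delete in a single transaction avoids a window in which the entity is gone but object-level grants that reference its id are still present.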
