https://lakefs.io/ logo
Title
r

Robin Moffatt

03/06/2023, 12:46 PM
I'm looking at RBAC. What's the default effect for an action with no explicit `allow`/`deny` ? i.e. if I create a user and don't grant it any
fs:*
(neither allow nor deny), is that the same as granting
deny
? Put another way, if I only want to allow certain actions, do I need to
deny
the others, or can I simply
allow
the ones that I want?
g

Guy Hardonag

03/06/2023, 12:52 PM
If no permissions exist than the action will be blocked, so basically it’s like
deny
Also
deny
is stronger than
allow
so If you provide
fs:*
allow
with
fs:Write*
deny
to a user, it will be able to do all
fs
commands except write commands.
r

Robin Moffatt

03/06/2023, 2:39 PM
thanks !