Add a role for security auditor #21222

Open
myname-is-joe opened this issue Nov 20, 2024 · 2 comments
Labels
area/custom-role backlog kind/requirement New feature or idea on top of harbor

Comments

@myname-is-joe

Is your feature request related to a problem? Please describe.
For users that have a security but not an admin role, having a dedicated security role with only the necessary permissions is preferable.

Describe the solution you'd like
A role with permissions to manage security issues for a project, but not actions such as deleting images.

Describe the main design/architecture of your solution
Desired permissions:
See the project configurations
See a list of project members
See a list of project logs
See a list of project labels
See a list of repositories
See a list of images
Pull image
Scan image (not delete, though)
See a list of image vulnerabilities
See image build history
See a list of helm charts
Download helm charts
See a list of helm chart versions
Download helm chart versions
See a list of project robots
See configured CVE whitelist
Create/edit/remove CVE whitelist
Create/delete tag retention rules
Enable/disable tag retention rules

Additional context
This would allow security teams to function and minimize potential issues caused by giving them too broad permissions.

@wy65701436 wy65701436 added the kind/requirement New feature or idea on top of harbor label Nov 22, 2024
@reasonerjt
Contributor

Instead of adding new roles, we should enhance Harbor to allow creating new customized roles?

@tostt
Contributor

tostt commented Nov 25, 2024

This is an expanded version of a proposal I made earlier for the CISO.
This feature is a must in a corporate/enterprise setting.

4 participants