DORA Profile Management in Collections RBAC
C
Cuddly Limpet
We request an enhancement to user role permissions at the project level, specifically for users who have access to collection settings, allowing them to create, edit, delete, and save their own DORA profiles within the rights granted in the collection settings. Currently, these actions fall under configuration settings, which restricts workflow efficiency and introduces an RBAC risk, as only configuration admins can make updates. This limitation hinders the ability to update new product profiles while maintaining compliance.
We propose shifting DORA profile management permissions from Configuration Settings to Collections RBAC Rights, enabling better role-based access control, improving agility in updating product profiles.
Log In
Prashant Batra
Thanks Mounir. If I understand correctly, the real need here is to enable teams to build and manage their own profiles / settings and avoid having to raise a request to the common platform teams, for every change. This ask makes a lot of sense and is in the spirit of our SEI 2.0 architecture. Let's look to meet soon and review SEI 2.0, and we can review how the new architecture addresses this challenge. Thank you for raising this, and being a champion for Harness SEI.