Project Admins/Owners must be able to add users to their own projects, but they should only be allowed to add users who belong to the same Org. Cross-org user assignment must be blocked.
Current situation:
We have removed “invite user” permissions from our org admins, but Project Admins/Owners can still add any already-provisioned user from other Orgs, which bypasses our IDP-only based access for the organization.
Current Harness RBAC alone does not support restricting assignments by Org.
In our SMP instance we do not see any policy types related to Access Control or Role Assignment governance.
Can you please advise:
  1. Whether Access Control / Identity Governance policies are supported in our SMP deployment
  2. If a feature flag or module needs to be enabled to allow policies on user/role assignments
  3. What options you recommend to technically enforce this requirement
We are looking for any supported approach or new ideas to achieve this restriction.