select project by tag in org level resource group
long-term
P
Protective Stingray
This is to allow creating an RBAC binding at the org level where access is given to specific projects and their resources. The projects are specified by have a certain tag.
This will greatly simplify the RBAC rules needed, without this we have to implement project level RBAC or use the resource group that allows specifying specific projects by ID. Both need extra work whenever projects are added.
Log In
A
Abhishek Thamman
marked this post as
long-term
P
Protective Stingray
We currently only create the RBAC at the ORG level using a terraform script. We do not want to support project level RBAC because of the at least 10 fold increase in the amount of RBAC definitions that would need to be maintained.
A
Abhishek Thamman
marked this post as
pending feedback
A
Abhishek Thamman
HeyProtective Stingray, thanks for the feature request. I do understand the feature request and the value it can bring in your setup.
Would it also be possible to share your model of creating these resource groups at both project and org-level and then assigning them via role-bindings? This will help better understand your use case and prioritize it.