restrict visibility
Current situation
Authentication is ensured by JWT tokens, but there is currently no authorization support. If you have access to a given orchestrator instance, you can do everything on that instance.
Desired outcome
A way to restrict visibility and rights, per token, so that a given token only sees what it is allowed to see.
This includes restricting the visibility of execution environments (so that not all workflows can access all environments).
It should rely on the `.metadata.namespace` attribute of workflows (and other events).
Analysis
Solution
Epic: https://project.squashtest.org/browse/SQMAP-603 (RBAC on authentication token)
This has been promised to one client for S1 2022 (see the epic for more information).
Edited by Laurent Mazuré
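One possible shape of the per-token check requested above, as an added example that is not part of the original issue or the orchestrator's code: the token's signature is verified first, then manifests are filtered on `.metadata.namespace`, failing closed. The `namespaces` claim name, the HS256 demo key and the sample manifests are assumptions constructed for this illustration.

```python
import base64, hashlib, hmac, json

KEY = b"constructed-demo-key"  # constructed HS256 key, an assumption of this example
WORKFLOWS = [  # constructed manifests
    {"kind": "Workflow", "metadata": {"name": "wf-a", "namespace": "team-a"}},
    {"kind": "Workflow", "metadata": {"name": "wf-b", "namespace": "team-b"}},
    {"kind": "Workflow", "metadata": {"name": "wf-none"}},
]


def b64e(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def b64d(text: str) -> bytes:
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))


def mac(signed: str) -> bytes:
    return hmac.new(KEY, signed.encode(), hashlib.sha256).digest()


def sign(claims: dict) -> str:
    """Build a constructed HS256 token for the demo."""
    head = b64e(json.dumps({"alg": "HS256", "typ": "JWT"}).encode())
    signed = head + "." + b64e(json.dumps(claims).encode())
    return signed + "." + b64e(mac(signed))


def allowed_namespaces(token: str) -> frozenset:
    """Verify the signature, then read the hypothetical 'namespaces' claim."""
    try:
        head, body, sig = token.split(".")
        if json.loads(b64d(head)).get("alg") != "HS256":
            raise ValueError("unexpected alg")  # pin the algorithm server-side
        if not hmac.compare_digest(mac(head + "." + body), b64d(sig)):
            raise ValueError("bad signature")
        claim = json.loads(b64d(body)).get("namespaces", [])
    except (ValueError, TypeError, AttributeError):
        return frozenset()  # fail closed: an unverifiable token sees nothing
    if not isinstance(claim, list):
        return frozenset()
    return frozenset(n for n in claim if isinstance(n, str) and n)


def visible(token: str, manifests: list) -> list:
    """Keep only manifests whose .metadata.namespace the token may see."""
    allowed = allowed_namespaces(token)
    return [m for m in manifests  # a manifest without a namespace is never visible
            if isinstance(ns := (m.get("metadata") or {}).get("namespace"), str) and ns in allowed]
```

A token without the claim, or a manifest without a namespace, yields no visibility here; whether un-namespaced objects should instead fall into a default namespace is a design decision this sketch does not make.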