Skip to content

Commit

Permalink
fixup! RFC on authorisation model
Browse files Browse the repository at this point in the history
  • Loading branch information
squaremo committed Dec 15, 2021
1 parent f6887cf commit 5478a40
Showing 1 changed file with 7 additions and 7 deletions.
14 changes: 7 additions & 7 deletions rfcs/0001-authorisation/README.md
Original file line number Diff line number Diff line change
Expand Up @@ -58,13 +58,13 @@ isolation:

This table summarises how these operations are subject to RBAC and namespace isolation.

| Type of operation | Accessed via | Namespace isolation |
|------------------------------------------------|--------|----------------------------------|
| Reading and writing the object to be processed | Controller service account | N/A |
| Dependencies of object to be processed | Controller service account | Yes |
| Access to related Flux API objects | Controller service account | Some cross-namespace refs[1] |
| CRUD of Flux API objects | Controller service account | Created in same namespace |
| CRUD and healthcheck of sync configurations | Impersonation[2] | As directed by spec[2] |
| Type of operation | Accessed via | Namespace isolation |
|------------------------------------------------|----------------------------|------------------------------|
| Reading and writing the object to be processed | Controller service account | N/A |
| Dependencies of object to be processed | Controller service account | Same namespace only |
| Access to related Flux API objects | Controller service account | Some cross-namespace refs[1] |
| CRUD of Flux API objects | Controller service account | Created in same namespace |
| CRUD and healthcheck of sync configurations | Impersonation[2] | As directed by spec[2] |

[1] See "Cross-namespace references" below<br>
[2] See "Impersonation" below
Expand Down

0 comments on commit 5478a40

Please sign in to comment.