feat: RBAC builder/editor #743

New issue

Closed

opened 2026-03-28 04:28:03 +00:00 by mfreeman451 · 0 comments

mfreeman451 commented

2026-03-28 04:28:03 +00:00

Owner

Imported from GitHub.

Original GitHub issue: #2293
Original author: @mfreeman451
Original URL: https://github.com/carverauto/serviceradar/issues/2293
Original created: 2026-01-14T08:37:18Z

Is your feature request related to a problem?

We need a way to be able to create new RBAC profiles from the UI. This is something that only an admin or some kind of super_admin maybe (we would like to deprecate the concept of super_admin, but maybe it is worth keeping) could only build these things, the UI doesn't have to be super crazy but the main feature of this that we are looking for here is the ability to create groups of users and basically have an ACL that says what they can and cannot do on the system, beyond what we have today which is essentially view or admin.

Whatever we come up with has to be able to be evaluated fast, and it has to be idempotent -- live in the CNPG, loaded at startup, enforced at the API level (api lives in web-ng mostly anyways).

This thing doesn't really need to specifically be tenant aware since every tenant now gets their own schema in CNPG. We will also soon be moving to true tenant process isolation and every tenant will get their own core-elx and web-ng instance and whatever else.

Describe the solution you'd like

A clear and concise description of what you want to happen.

Describe alternatives you've considered

A clear and concise description of any alternative solutions or features you've considered.

Additional context

Add any other context or screenshots about the feature request here.

Imported from GitHub. Original GitHub issue: #2293 Original author: @mfreeman451 Original URL: https://github.com/carverauto/serviceradar/issues/2293 Original created: 2026-01-14T08:37:18Z --- **Is your feature request related to a problem?** We need a way to be able to create new RBAC profiles from the UI. This is something that only an admin or some kind of super_admin maybe (we would like to deprecate the concept of super_admin, but maybe it is worth keeping) could only build these things, the UI doesn't have to be super crazy but the main feature of this that we are looking for here is the ability to create groups of users and basically have an ACL that says what they can and cannot do on the system, beyond what we have today which is essentially `view` or `admin`. Whatever we come up with has to be able to be evaluated fast, and it has to be idempotent -- live in the CNPG, loaded at startup, enforced at the API level (api lives in web-ng mostly anyways). This thing doesn't really need to specifically be tenant aware since every tenant now gets their own schema in CNPG. We will also soon be moving to true tenant process isolation and every tenant will get their own core-elx and web-ng instance and whatever else. **Describe the solution you'd like** A clear and concise description of what you want to happen. **Describe alternatives you've considered** A clear and concise description of any alternative solutions or features you've considered. **Additional context** Add any other context or screenshots about the feature request here.