Discussion: enable role based/fine grained control over commands #47

Open
CoolCold opened this issue Dec 1, 2017 · 2 comments


CoolCold commented Dec 1, 2017

  1. Let's imagine we have a mixed Slack installation - devs, support, admins, managers, even TOP level strangers in something like #firefighters channels. Limiting the execution of commands to a particular set of users would be really nice - i.e. 1st line support can do some "dmesg" commands, but not "docker restart ...".

  2. It would be much nicer to have it via some binding to Rundeck itself, which integrates with LDAP/AD and has a definition of roles on its own; you just need to pass the handle of the user, but as I understand it, it's limited to TOKEN auth only - either the token is right or wrong.

Would like to listen to your comments/ideas.

Owner

outofcoffee commented Dec 3, 2017

Hi @CoolCold; thanks for opening the discussion on this.

To take this in a few parts:

  1. Role-based access control

This could be achieved by using the 'roles' and actions functionality in Corebot. See the 'security' section in the docs and the examples for how security can be set up to limit actions to particular users or roles.

  2. Tying this back to Rundeck's authentication

This should be possible by enabling the option to trigger the job as the slack user.

Please do let me know how you get on.

Author

CoolCold commented Dec 3, 2017

Hello @outofcoffee!
For 1 - uh-oh, somehow I've overlooked it, it's even mentioned in the README, sorry for taking your time for nothing.

for 2:

> This should be possible by enabling the option to trigger the job as the slack user.

I've reread the example, but cannot see how to do it; to my understanding you need a list of auth tokens for every user or some external check in Rundeck.
