Comment 4 for bug 1468904

Arun Kant (arukant) wrote :

John: The issue mentioned above is slightly different, as it's related to the user who created the secret/container and not to the ACL user. If I recall correctly, the additional role requirement is for the ACL user. Generally the "creator user" will have the secret's project role, as that user initially created the secret in that project. So the same role requirement is extended to allow secret read in the private-secret case (project-access = False). I have made a change in policy to have this requirement for the creator user.

We can certainly extend the "read-role" approach to the creator user, but then each creator user will need this role in addition to the project role the user already has. The difference is that the creator user will need to scope to the project where this additional role is assigned.

So the option is either to treat the "creator user" as a default ACL user, or to treat them as a role-based specific user in the private case (partially similar to the admin user). Once the "new role" is identified, we can make the needed change in policy for ACL users (and the creator user, if that's the preferred option).
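The two options compared in the comment, modelled as an added toy policy check. This is illustrative code written for this page, not Barbican's policy engine or its policy.json; the role names in PROJECT_ROLES, the hypothetical extra ACL read role `secret_read`, the admin shortcut and the order of checks are all assumptions made for the example. The `creator_as_acl_user` switch selects between treating the creator as a role-based user (needs a project role scoped to the secret's project) and treating the creator as a default ACL user (needs the extra read role on top of that).

```python
"""Toy model of the private-secret read decision discussed in the comment.

Added illustration only; not Barbican's code or policy.json. Role names,
the hypothetical ACL read role and the decision order are assumptions.
"""
from dataclasses import dataclass

# Roles that count as "the secret's project role" in this model (assumption).
PROJECT_ROLES = frozenset({"admin", "creator", "observer", "audit"})
# Hypothetical additional role required of ACL users (the comment's "read-role").
ACL_READ_ROLE = "secret_read"


@dataclass(frozen=True)
class Secret:
    project_id: str
    creator_id: str
    project_access: bool = True            # False makes the secret private
    acl_users: frozenset = frozenset()     # users granted read via the secret's ACL


@dataclass(frozen=True)
class Context:
    user_id: str
    project_id: str                        # project the token is scoped to
    roles: frozenset


def has_project_role(secret: Secret, ctx: Context) -> bool:
    """Token is scoped to the secret's project and carries one of its project roles."""
    return ctx.project_id == secret.project_id and bool(ctx.roles & PROJECT_ROLES)


def can_read(secret: Secret, ctx: Context, creator_as_acl_user: bool = False) -> bool:
    """Decide whether ctx may read secret.

    creator_as_acl_user=False: the creator is a role-based user and must hold
        a project role scoped to the secret's project.
    creator_as_acl_user=True: the creator is treated like a default ACL user
        and additionally needs ACL_READ_ROLE.
    """
    if "admin" in ctx.roles and ctx.project_id == secret.project_id:
        return True                        # admin is role-based under both options
    if secret.project_access:
        return has_project_role(secret, ctx)
    # Private secret: only the creator and ACL users are candidates.
    if ctx.user_id == secret.creator_id:
        if creator_as_acl_user:
            return has_project_role(secret, ctx) and ACL_READ_ROLE in ctx.roles
        return has_project_role(secret, ctx)
    if ctx.user_id in secret.acl_users:
        return ACL_READ_ROLE in ctx.roles
    return False


if __name__ == "__main__":
    # Constructed sample data.
    private = Secret("p1", "alice", project_access=False, acl_users=frozenset({"bob"}))
    alice = Context("alice", "p1", frozenset({"creator"}))
    print(can_read(private, alice))                             # True: creator with project role
    print(can_read(private, alice, creator_as_acl_user=True))   # False: lacks secret_read
    print(can_read(private, Context("bob", "p9", frozenset({"secret_read"}))))  # True: ACL user
```

The scope check in `has_project_role` is what the comment's last sentence of the second paragraph is about: a creator whose token is scoped to another project fails the check even though they created the secret, and under the ACL-user option they would also need the extra role granted in that same project.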