Introduction
In this document we discuss the support for Role Based Access Control in the context of Workflow Hub. The focus would be limited to the privileges that a user needs to have to access specific Workflow Hub Resources.
What's Not Supported
Attribute Based Access Control (ABAC) is not supported in Workflow Hub.
Super Roles
Introduction
Super roles are roles with elevated privileges. These roles can access resources and perform operations that can impact the product & the feature substantially. There are two main super roles in TCA
- System Admin
- Tenant Admin
System Admin
System Admin can access all the resources and perform all operations available in Workflow Hub.
Tenant Admin
A tenant admin can do everything a System Admin can w.r.t a single tenant. A tenant admin cannot change the tenant fairness parameter as that impacts the executions of other tenants as well.
Roles
| Roles | Privileges |
|---|---|
| Workflow Hub Designer | The users assigned to this role can view, create and modify workflows and schemas on Workflow Hub. They can also execute workflows. |
| Workflow Hub Executor | The users assigned to this role can view and execute workflows and schedules. They can also view workflow run statistics. |
Privileges
The following privileges are available in TCA to finely control the access to different resources by different users.
| Privilege Name | Access Type | Resource |
|---|---|---|
| Workflow Hub Secret Manager Write | CRUD | Privileges For Secret Manager |
| Workflow Hub Workflow Run Read | READ ONLY | Workflow Runs |
| Workflow Hub Certificate Authority Read | READ ONLY | CAs |
| Workflow Hub Workflow Run Statistics Read | READ ONLY | Workflow Run Statistics |
| Workflow Hub Workflow Write | CRUD | Workflows |
| Workflow Hub Schedule Read | READ ONLY | Schedules |
| Workflow Hub Workflow Read | READ ONLY | Workflows |
| Workflow Hub Schedule Write | CRUD | Schedules |
| Workflow Hub Configuration Write | Modify ONLY | Workflow Hub Administration |
| Workflow Hub Openapi Schema Write | CRUD | Openapi Schemas |
| Workflow Hub Workflow Run Write | Execute | Workflow Runs. |
| Workflow Hub Configuration Read | READ ONLY | Workflow Hub Configuration |
| Workflow Hub Openapi Schema Read | READ ONLY | Openapi Schemas |
| Workflow Hub Secret Manager Read | READ ONLY | Secret Manager |
| Workflow Hub Certificate Authority Write | CRUD | CAs |
