https://prefect.io logo
Title
m

Matt Delacour

08/04/2022, 3:38 PM
And do we have a list of what each of those roles mean ? For example what is "audit trail" ? Should my normal "users" have read access to it ? 🤷
đź‘€ 4
Same for
read:message
?
And what does
update:log
mean ? What does it mean to update the logs of a Flow?
z

Zach Angell

08/04/2022, 5:33 PM
Hi Matt! We don’t have a list of what each of these roles mean. Generally, “Create”, “Read”, “Update”, and “Delete” permissions refer to the ability to perform that operation on an object. So
read:flow
would give a user the right to view flows. “audit trail” refers to the ability to see audit logs. I would recommend only allowing this for admin users.
read:message
gives permission to read notifications sent by Prefect within a tenant, usually to a specific user. I would recommend giving that to all users.
update:log
, as you might guess by now, gives users the ability to update log records. This is actually not used at the moment within the Cloud 1.0 platform. But if we were to add an operation that updated logs in the future, it might become relevant. You might find the docs here helpful https://docs-v1.prefect.io/orchestration/rbac/overview.html Is there a specific persona you’re trying to create a role for?
❤️ 1
m

Matt Delacour

08/04/2022, 6:00 PM
Thanks Zach. I was already looking at the same Prefect doc page 👍 Thanks for the explanation of those roles 🙏
Do you have any update on my other question (permissions issue) https://prefect-community.slack.com/archives/CL09KU1K7/p1659623135287269 ?
z

Zach Angell

08/04/2022, 7:28 PM
Yeah, I’ll respond in that thread for consistency