-
Notifications
You must be signed in to change notification settings - Fork 5
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Membership approver groups #101
Conversation
…roup membership request approval to users that are not a member of the group itself. The use case is that a certain group may confer a high level of access to certain systems, which no users should have on a standing basis. This allows such a high-privileged group to remain 'normally empty', while still making it useful for break-glass access situations.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This looks good - I'm wondering if we should allow multiple approver groups?
I was thinking about that but landed on "we have group-of-groups functionality already and groups are cheap, so folks can create an x-approvers group and configure that as advanced they like". Otherwise we're adding a new table here and some more logic, particularly in the frontend. Thoughts? |
… of One() to fetch the group record.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
lgtm!
Add approver group field to groups, allowing for the designation of group membership request approval to users that are not a member of the group itself. The use case is that a certain group may confer a high level of access to certain systems, which no users should have on a standing basis. This allows such a high-privileged group to remain 'normally empty', while still making it useful for break-glass access situations.