because I m an Admin in the slack org is it inferring granti

Question

because I m an Admin in the slack org is it inferring granting me something I can t see

white-balloon-205 · Answer

I expect you are an `Admin` in the organization which gives you `ADMIN` permission for all stacks in the organization See for more details Definitively interested in any feedback on the set of options you d like for configuring these roles to fit your organization better cc < colossal beach 47527> and < clever sunset 76585>

clever-sunset-76585 · Answer

subscribe

colossal-beach-47527 · Answer

Yeah +1 to what Luke was saying Would love your feedback here especially were things are surprising Members with the `ADMIN` role have full access to all stacks But one thing that we don t show in the UI and will fix that soon is that the person who created the stack may have permissions to modify it even if the organization s default stack settings don t allow for it i e if the organization allows members to create new stacks but the default stack permission is `READ` we still grant the person who created the stack read write access Otherwise being able to create a stack but not use it would be kind of lame Like I said that s one of the finer details of our RBAC settings that we don t show in the UI But it will be fixed in the next week or so

orange-tailor-85423 · Answer

ok cool thanks for the feedback I have some thoughts and will write up a brief Google doc

orange-tailor-85423 · Answer

kind of experience plus wishlist

orange-tailor-85423 · Answer

I mentioned this in a conversation with Cameron the other day and it dovetails a little bit with this Naming of things

orange-tailor-85423 · Answer

Or I should say visualizing the naming of things The stacks have absolute names but in the UI they can show up 3 different ways

orange-tailor-85423 · Answer

Also it would be nice to ensure nobody but Admin and or the defined group would have access to any stack created for x y or z environments

orange-tailor-85423 · Answer

ex <https app pulumi com MINDBODY Platform teams pulumi stack admins>

orange-tailor-85423 · Answer

if any stack gets stood up in alpha prod or staging I want this set of permissions to apply

orange-tailor-85423 · Answer

as far as I can tell there is no dynamic permissioning you have to explicitly add them

colossal-beach-47527 · Answer

gt The stacks have absolute names but in the UI they can show up 3 different ways Yeah that s a bug It will be fixed sometime in the next few weeks Sorry about that P gt it would be nice to ensure nobody but Admin and or the defined group would have access to any stack created for x y or z environments Yeah We ll add a feature where you can 1 drill into an organization member and see what stack s they have access to and how they were granted that access And 2 from a stack go backwards and see which teams and users have access to it That should help determining that Again should be fixed in a few weeks Sorry we don t have that right now

colossal-beach-47527 · Answer

gt as far as I can tell there is no dynamic permissioning you have to explicitly add them That is generally correct To get access to a stack you need to be explicitly added e g that stack added to an existing Team or you get added to a Team