Allow defining arbitrary labels for users and groups

Question

Allow defining arbitrary labels for users and groups

Closed this issue 10 months ago · 2 comments

I think it would come really handy if we could define arbitrary labels an entity would be allowed to read. Is this something you have thought about and do you see any issues with this approach

user1:
  namespace: foo
  team: foo
  app: foo-bar

user2:
  namespace: bar
  service: bar

Answer 1 · 2023-12-18T08:25:35.000Z

Thank you for your patience, covid struck me last week.

Initially, we thought about it but decided against it:

adds more complexity
in our use case not necessary

But from what I can see, it should result in a more granular permission system 👍🏻.
Depending on the implementation, it could result in substantially worse performance as this is checked per request.

Answer 2 · 2024-01-16T10:59:24.000Z

Hi @Lucostus, thanks for getting back to me. I see, it's not a requirement as of now. I just wanted to know a bit more about your reasoning there. Keeping it simple is for sure a good approach and I did not think about a potential performance penalty.