)]}'
{"goals/proposed/consistent-and-secure-rbac.rst":[{"author":{"_account_id":15993,"name":"Amy Marrich","display_name":"Amy Marrich (spotz)","email":"amy@demarco.com","username":"amarrich"},"change_message_id":"2dd1d36a338eef9a80162bc973e59cb9c549e62d","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Existing policy defaults suffer from three major faults:"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"#. The admin-ness problem: use of policy rules like \u0027is_admin\u0027 or hard-coded"},{"line_number":8,"context_line":"   is-admin checks results in the admin-anywhere-admin-everywhere problem and"},{"line_number":9,"context_line":"   drastically inhibits true multi-tenancy since by default customers cannot"},{"line_number":10,"context_line":"   have admin rights on their own projects or domains."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"18962c17_ab7f9e26","line":8,"range":{"start_line":7,"start_character":52,"end_line":8,"end_character":11},"updated":"2021-07-06 21:02:16.000000000","message":"Should these be the same?","commit_id":"551c109b68e9fcea281fb46072b77f205d396128"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"c0533fd5dc9f12be2629d63aceebc102d6f58477","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Existing policy defaults suffer from three major faults:"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"#. The admin-ness problem: use of policy rules like \u0027is_admin\u0027 or hard-coded"},{"line_number":8,"context_line":"   is-admin checks results in the admin-anywhere-admin-everywhere problem and"},{"line_number":9,"context_line":"   drastically inhibits true multi-tenancy since by default customers cannot"},{"line_number":10,"context_line":"   have admin rights on their own projects or domains."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"e53bd47a_2f73060a","line":8,"range":{"start_line":7,"start_character":52,"end_line":8,"end_character":11},"in_reply_to":"18962c17_ab7f9e26","updated":"2021-07-06 22:42:32.000000000","message":"these two are different, we have is_admin rule which is configurable and hardcoded is_admin check also which checks the admin flag from context.","commit_id":"551c109b68e9fcea281fb46072b77f205d396128"},{"author":{"_account_id":8556,"name":"Ghanshyam Maan","display_name":"Ghanshyam Maan","email":"gmaan.os14@gmail.com","username":"ghanshyam"},"change_message_id":"2074d8d7672ec6ab226f0281eca01504cd49b990","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Existing policy defaults suffer from three major faults:"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"#. The admin-ness problem: use of policy rules like \u0027is_admin\u0027 or hard-coded"},{"line_number":8,"context_line":"   is-admin checks results in the admin-anywhere-admin-everywhere problem and"},{"line_number":9,"context_line":"   drastically inhibits true multi-tenancy since by default customers cannot"},{"line_number":10,"context_line":"   have admin rights on their own projects or domains."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"9bf44ceb_e98e3403","line":8,"range":{"start_line":7,"start_character":52,"end_line":8,"end_character":11},"in_reply_to":"b666b383_faf5b967","updated":"2021-07-07 14:29:21.000000000","message":"I mean these are correct here. 1st one is policy configurable rule and 2nd is where we have hardcoded the admin checks in DB or so.","commit_id":"551c109b68e9fcea281fb46072b77f205d396128"},{"author":{"_account_id":15993,"name":"Amy Marrich","display_name":"Amy Marrich (spotz)","email":"amy@demarco.com","username":"amarrich"},"change_message_id":"849a947cf7b7be4c133160ac85114a5489a0af4c","unresolved":true,"context_lines":[{"line_number":4,"context_line":""},{"line_number":5,"context_line":"Existing policy defaults suffer from three major faults:"},{"line_number":6,"context_line":""},{"line_number":7,"context_line":"#. The admin-ness problem: use of policy rules like \u0027is_admin\u0027 or hard-coded"},{"line_number":8,"context_line":"   is-admin checks results in the admin-anywhere-admin-everywhere problem and"},{"line_number":9,"context_line":"   drastically inhibits true multi-tenancy since by default customers cannot"},{"line_number":10,"context_line":"   have admin rights on their own projects or domains."},{"line_number":11,"context_line":""}],"source_content_type":"text/x-rst","patch_set":1,"id":"b666b383_faf5b967","line":8,"range":{"start_line":7,"start_character":52,"end_line":8,"end_character":11},"in_reply_to":"e53bd47a_2f73060a","updated":"2021-07-07 12:21:27.000000000","message":"Ok but in the reply to me you used is_admin twice vs is_admin and is-admin. I\u0027m just making sure we have the correct -/_usage.","commit_id":"551c109b68e9fcea281fb46072b77f205d396128"}]}