The LimitedRole limits what a Role can authorize by intersecting it privileges with an additional set of privileges. This concept is useful in general and we plan to leverage it in more features. However the current implementation only works for one level of limiting and this prevents its general usefulness. For example, an API key already has one level of limiting. So it is not possible to further limiting it which might be useful in cases like derived API keys, cross-cluster API keys.
We should remove the above constraint by reworking the implementation of Role and LimitedRole.
The
LimitedRolelimits what aRolecan authorize by intersecting it privileges with an additional set of privileges. This concept is useful in general and we plan to leverage it in more features. However the current implementation only works for one level of limiting and this prevents its general usefulness. For example, an API key already has one level of limiting. So it is not possible to further limiting it which might be useful in cases like derived API keys, cross-cluster API keys.We should remove the above constraint by reworking the implementation of
RoleandLimitedRole.