Page MenuHomePhabricator
Create Task
Maniphest T7262

Is there a way to list all objects a user can access?
Closed, DuplicatePublic
Actions

Description

I was reviewing some policy settings of an user and I was wondering whether it is possible to show a list of all objects an user has access to?

It is not something to be used regularly but more as a tool to verify I did not made any mistake while setting up the policies of an object.

I know there is the bin/policy script but I would like to provide it with an username and it then lists all objects the user can access.
Or even just an username and an object and then it tells me whether the user has access or not.

Related Objects

Event Timeline

ralph.van.etten created this task.Feb 13 2015, 3:01 PM
ralph.van.etten raised the priority of this task from to Needs Triage.
ralph.van.etten updated the task description. (Show Details)
ralph.van.etten added a subscriber: ralph.van.etten.
chad added a subscriber: chad.Feb 14 2015, 2:46 AM

We don't have this functionality currently and I don't imagine it'd be easy to build (as objects could be in the millions or billions given your size). What problem specifically are you trying to solve? Projects? Repos? Tasks?

joshuaspence renamed this task from Is there a way to list all objects an user can access? to Is there a way to list all objects a user can access?.Feb 14 2015, 3:05 AM
joshuaspence added a project: Policy.
joshuaspence added a subscriber: joshuaspence.
joshuaspence removed a subscriber: joshuaspence.
ralph.van.etten added a comment.Feb 14 2015, 7:31 AM

We are considering giving clients access to our phabricator and I want to check if the permissions/policies are set up correctly. They do not need to see everything in our phabricator.
They way I am doing this now is to login as an user with similar permissions and then just click around and see what I can access. But even then I can't be 100% sure there isn't an object somewhere with the wrong permissions.

After some thought it seems I am just looking for a workaround until T3820, T4850 and perhaps T6860 are implemented. It seems if T3820 is implemented it would solve my problem.

chad added a comment.Feb 14 2015, 9:11 PM

T3820 is the main task we feels solves this problem, and it has the added benefit it solves a problem a lot of installs would like to see. Not sure with T3820 if this is worth pursuing. Going to merge this in so at least it can be referenced (and we know to make it clear in Spaces who has access to what).

chad closed this task as a duplicate of T3820: Implement top-level "Spaces" that provide policy isolation to groups of objects.Feb 14 2015, 9:12 PM
Phabricator · Built by Phacility