RBAC for controller

[gooseleggs]

I am wondering if there is a possibility of adding RBAC into the controller, and therefore the console. In the console, there only appears to be Admin (1 role). I can foresee a couple of other roles that could be nice to have within the controller. These roles being

1. Router Enrollment - account that can be used to only enroll routers into the fabric, but not add/modify services or identities, or delete components. ie, it can be used in automation where the scope of the account is limited.
2. Identity management - account that can enroll/delete identities, but not add services, fabric components etc

Use case for point 1 - docker deployments where you don't want to use the admin account.
Use case for point 2 - helpdesk team that can perform user management, but not modify services

(PS I am not sure if this is the correct place for it, so putting it here) - feel free to move

[dovholuknf]

Thanks @gooseleggs. This is a topic that pops up every know and then. Mentioning the use cases you have in mind is particularly valuable, thanks for including those.

We'll add this to the list of things to discuss. Thank you again for the issue. We'll move it if needed

[ekoby]

keep it for future consideration