Permissions

Mission Control provides a flexible and strong security model that combines two powerful methods: Role-Based Access Control (RBAC) and Attribute-Based Access Control (ABAC).

This combined permission system helps you set up detailed access rules. For instance, while RBAC can control if a user can run any playbooks in the system, detailed ABAC rules let you define exactly which playbooks specific users or teams can access.

Key Concepts

Concept	Description
Permission	A rule that grants or denies specific actions to a subject on target objects
Subject	WHO or WHAT gets the permission (person, team, group, or system service)
Actions	WHAT operations are allowed (read, write, delete, playbook:run, etc.)
Groups	Groups of subjects for easier permission management

Access Control Models

Model	Description
Roles	Role-Based Access Control using built-in roles (admin, editor, viewer, guest)
ABAC	Attribute-Based Access Control based on resource attributes (tags, namespace, name)
Multi-Tenancy	Agent and tag-based permissions for SaaS environments

Quick Example

permission.yaml
apiVersion: mission-control.flanksource.com/v1
kind: Permission
metadata:
  name: sre-playbook-access
spec:
  description: Allow SRE team to run playbooks on production configs
  subject:
    team: sre-team
  actions:
    - playbook:run
  object:
    playbooks:
      - name: "*"
    configs:
      - labels:
          environment: production

info

Deny rules always override Allow rules.

Getting Started

Quickstart - Learn about default permissions and how to enable strict mode
Permission - Understand the Permission CRD schema
Subjects - Learn about different subject types
Actions - Understand available permission actions

Permissions​

Key Concepts​

Access Control Models​

Quick Example​

Getting Started​

See Also​

Permissions

Key Concepts

Access Control Models

Quick Example

Getting Started

See Also