Access Control: Make it possible to exclude role grants (#91647)

2025-02-25 18:55:37 -06:00 · 2024-08-08 14:11:17 +02:00
parent 89ee970ec3
commit 0e5d7633f7
2 changed files with 5 additions and 2 deletions
--- a/pkg/api/accesscontrol.go
+++ b/pkg/api/accesscontrol.go
@@ -442,6 +442,8 @@ func (hs *HTTPServer) declareFixedRoles() error {
 			},
 		},
 		Grants: []string{"Editor"},
+		// Don't grant fixed:folders:creator to Admin
+		Exclude: []string{"Admin"},
 	}

 	foldersReaderRole := ac.RoleRegistration{