feat: granular RBAC with resource/operation bindings, users, groups #19

Merged
michal merged 1 commit from feat/projects-rbac-users-groups into main 2026-02-23 11:05:52 +00:00
Owner

Summary

  • Replace admin role with granular roles: view, create, delete, edit, run
  • Two binding types: resource (role+resource+optional name) and operation (role:run+action)
  • Name-scoped resource bindings for per-instance access control
  • Remove role from project members — all permissions via RBAC
  • Add users, groups, RBAC CRUD endpoints and CLI commands
  • describe user/group shows all RBAC access (direct + inherited from groups)
  • create rbac supports --subject, --binding, --operation flags
  • Backup/restore handles users, groups, RBAC definitions
  • mcplocal project-based MCP endpoint discovery
  • 406 mcpd tests + 270 CLI tests passing
michal added 1 commit 2026-02-23 11:05:46 +00:00
feat: granular RBAC with resource/operation bindings, users, groups
Some checks failed
CI / lint (pull_request) Has been cancelled
CI / typecheck (pull_request) Has been cancelled
CI / test (pull_request) Has been cancelled
CI / build (pull_request) Has been cancelled
CI / package (pull_request) Has been cancelled
dcda93d179
- Replace admin role with granular roles: view, create, delete, edit, run
- Two binding types: resource bindings (role+resource+optional name) and
  operation bindings (role:run + action like backup, logs, impersonate)
- Name-scoped resource bindings for per-instance access control
- Remove role from project members (all permissions via RBAC)
- Add users, groups, RBAC CRUD endpoints and CLI commands
- describe user/group shows all RBAC access (direct + inherited)
- create rbac supports --subject, --binding, --operation flags
- Backup/restore handles users, groups, RBAC definitions
- mcplocal project-based MCP endpoint discovery
- Full test coverage for all new functionality

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
michal merged commit a8117091a1 into main 2026-02-23 11:05:52 +00:00
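
A minimal model of the binding evaluation this PR describes, as an added example (not code from the PR or from mcpctl). All type and function names, the `servers` resource and the sample users are assumptions; it also assumes that roles do not imply one another, that a binding without a name covers every instance, and that a named binding never satisfies a request that names no instance.

```typescript
// Added illustration: every type and function name here is hypothetical, not mcpctl's API.
type RbacRole = "view" | "create" | "delete" | "edit" | "run";
type RbacBinding =
  | { role: RbacRole; resource: string; name?: string } // resource binding
  | { role: "run"; action: string };                    // operation binding
type RbacSubject = { kind: "user" | "group"; name: string };
type RbacDef = { subjects: RbacSubject[]; bindings: RbacBinding[] };
type RbacGrant = { binding: RbacBinding; via: string };

// Constructed sample data: group membership and two RBAC definitions.
const groups: Record<string, string[]> = { ops: ["alice"] };
const defs: RbacDef[] = [
  { subjects: [{ kind: "user", name: "alice" }],
    bindings: [{ role: "edit", resource: "servers", name: "github" }] },
  { subjects: [{ kind: "group", name: "ops" }],
    bindings: [{ role: "view", resource: "servers" }, { role: "run", action: "backup" }] },
];

// Every grant a user holds: direct ones plus those inherited through groups.
function effectiveGrants(user: string): RbacGrant[] {
  const out: RbacGrant[] = [];
  for (const def of defs) {
    for (const s of def.subjects) {
      const direct = s.kind === "user" && s.name === user;
      const inherited =
        s.kind === "group" && (groups[s.name] ?? []).indexOf(user) !== -1;
      if (!direct && !inherited) continue;
      for (const binding of def.bindings) {
        out.push({ binding, via: direct ? "direct" : `group:${s.name}` });
      }
    }
  }
  return out;
}

// Deny by default: access needs a binding with the exact role and resource.
// An unnamed binding matches any instance; a named one matches only that instance.
function canAccess(user: string, role: RbacRole, resource: string, name?: string): boolean {
  return effectiveGrants(user).some(({ binding: b }) =>
    !("action" in b) && b.role === role && b.resource === resource &&
    (b.name === undefined || b.name === name));
}

// Operations (backup, logs, impersonate, ...) are granted only by operation bindings.
function canRun(user: string, action: string): boolean {
  return effectiveGrants(user).some(({ binding: b }) => "action" in b && b.action === action);
}
```
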
Reference: michal/mcpctl#19