Component
Backend
Infrahub version
1.6.2
Current Behavior
Currently, non-admin users cannot perform branch rebase operations even when they have been granted merge_branch and merge_proposed_change permissions. This is because there is no dedicated rebase_branch global permission - rebase operations are restricted to users with super_admin only.
- Users with
global:merge_branch:allow_all permission can merge branches
- Users with
global:merge_proposed_change:allow_all permission can merge proposed changes
- Rebase operations require
super_admin permission - there is no granular permission for rebase
Expected Behavior
A new global permission rebase_branch should be available, allowing administrators to grant rebase capabilities to non-admin users without requiring full super_admin access.
Steps to Reproduce
-
Create a non-admin user account
- Navigate to Admin > Role Management > Accounts
- Create a new user (e.g.,
testuser)
-
Create a role with branch permissions
- Navigate to Admin > Role Management > Roles
- Create a new role (e.g.,
branch-operator)
- Assign the following global permissions:
global:merge_branch:allow_all
global:merge_proposed_change:allow_all
-
Assign the role to the user
- Create a group and add the user to it
- Assign the
branch-operator role to the group
-
Login as the non-admin user
- Logout from admin account
- Login with the
testuser credentials
-
Create a branch and attempt to rebase
- Create a new branch (e.g.,
test-branch)
- Make some changes on the branch
- Attempt to rebase the branch onto
main
-
Observe the error
- The rebase operation fails with a permission denied error
- The user cannot rebase despite having merge permissions
Additional Information
No response
Component
Backend
Infrahub version
1.6.2
Current Behavior
Currently, non-admin users cannot perform branch rebase operations even when they have been granted
merge_branchandmerge_proposed_changepermissions. This is because there is no dedicatedrebase_branchglobal permission - rebase operations are restricted to users withsuper_adminonly.global:merge_branch:allow_allpermission can merge branchesglobal:merge_proposed_change:allow_allpermission can merge proposed changessuper_adminpermission - there is no granular permission for rebaseExpected Behavior
A new global permission
rebase_branchshould be available, allowing administrators to grant rebase capabilities to non-admin users without requiring fullsuper_adminaccess.Steps to Reproduce
Create a non-admin user account
testuser)Create a role with branch permissions
branch-operator)global:merge_branch:allow_allglobal:merge_proposed_change:allow_allAssign the role to the user
branch-operatorrole to the groupLogin as the non-admin user
testusercredentialsCreate a branch and attempt to rebase
test-branch)mainObserve the error
Additional Information
No response