Hoop.dev is centered around three core resources:
- Connections
- Sessions
- Plugins
We currently offer two distinct roles within the application:
- Admin
- User
This guide provides a detailed overview of the permissions and capabilities associated with each role and how to setup Access Control policies.
Admin Role
Overview
The Admin role is designed for users who need comprehensive control and oversight within the application. Admins have the highest level of access and are capable of performing a wide range of actions.
Capabilities
As an Admin, you have the following capabilities:
- Modify Resources: Admins can modify any mutable resource within the application. This includes:
- Connections: Admins can create, edit, or delete connections.
- Plugins: Admins can install, configure, or remove plugins.
- Integrations: Admins can set up and manage integrations with other services or applications.
- Access to All Workspace Resources: Admins have the ability to view resources across all users within the workspace. This includes:
- Sessions: Admins can view all user sessions.
- Reviews: Admins can access reviews from any user.
User Role
Overview
The User role is tailored for individuals who primarily use the application for development purposes without the need for administrative control.
Capabilities
As a User, you have the following capabilities:
- Connection Access: Users can access and connect to available connections based on:
- Group Membership: Access is determined by the user's group membership, which is defined in the
SSO provider (e.g., Okta, JumpCloud). - Access Control Plugin Configuration: Specific permissions set within the access control plugin dictate the level of access to connections.
- Session Visibility: Users can only view their own sessions that are generated within the app.
Approver Role
Overview
The Approver role is a specialized position in Hoop.dev, designed for users who play a part in the review process but do not require access to connections or administrative capabilities.
This role is particularly suited for individuals who focus on the evaluation or approval of work within the application, separate from development or administrative tasks.
Capabilities
- Review Access: Approvers have exclusive access to:
- Own Reviews: They can view and manage reviews they create or are assigned to, but cannot access reviews from other users.
- Restricted Resource Access: Unlike Admins or regular Users, Approvers do not have access to:
- Connections: They cannot create, edit, or view connections within the application.
- Sessions: Access to session information is not available to Approvers, aligning with their role's focus on reviews only.
- Administrative Functions: Approvers do not possess any administrative privileges, ensuring a clear separation of roles within the workspace.
Role Implementation
- Access Control Setup: An approver’s groups should must not match any groups for the connections..
- Integration with SSO: Similar to other roles, the Approver role can be integrated with SSO providers to streamline user management and security. You can create a standard prefix like
approver-orreviewer-and use it in the Reviews plugin config.