Hacker News
by jcusch 664 days ago
How you're describing iOS is similar to how Nitric works. Developers indicate in code "I'm reading from this bucket"; it's a request, not an order, and they're not actually configuring the permissions system. That request is collected into a graph of other requests (for resources, permissions, etc.) and passed via an API to a provider to fulfill.

If you want to change what "read" means, you're free to do that in the provider without changing a single line of application code. But you also get the benefit on the Ops side of not needing to read the application code to try and figure out what permissions it needs to work; that part is generated, so you can't miss anything.

If you want to output Terraform or config files or something else like you do today, to enable audits and keep it alongside the code, you can do that easily.
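
The separation described in the comment above, sketched as an added example (not part of the comment and not Nitric's API): application code only declares intents, and a provider-owned mapping decides what each intent grants. The function names, the service and bucket names, and the intent-to-action mappings are assumptions constructed for illustration.

```python
from collections import defaultdict

def collect(requests):
    """Merge (service, bucket, intent) requests declared in app code into a graph."""
    graph = defaultdict(set)
    for service, bucket, intent in requests:
        graph[(service, bucket)].add(intent)
    return graph

# Provider-owned meaning of each intent (constructed mappings, not Nitric's).
DEFAULT_MAP = {"read": {"s3:GetObject", "s3:ListBucket"}, "write": {"s3:PutObject"}}
# Ops narrows what "read" grants; no application code changes.
STRICT_MAP = {**DEFAULT_MAP, "read": {"s3:GetObject"}}

def fulfill(graph, intent_map):
    """Emit one allow statement per (service, bucket); fail closed on unknown intents."""
    policy = {}
    for (service, bucket), intents in sorted(graph.items()):
        unknown = intents - set(intent_map)
        if unknown:
            # An intent the provider cannot map must stop the deploy, not be skipped.
            raise ValueError(f"{service}: no provider mapping for {sorted(unknown)}")
        actions = sorted(set().union(*(intent_map[i] for i in intents)))
        policy.setdefault(service, []).append({
            "Effect": "Allow",
            "Action": actions,
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        })
    return policy

# Constructed sample: what two hypothetical services declared in their own code.
APP_REQUESTS = [
    ("thumbnailer", "uploads", "read"),
    ("thumbnailer", "thumbs", "write"),
    ("api", "uploads", "write"),
    ("api", "uploads", "read"),
]

if __name__ == "__main__":
    import json
    graph = collect(APP_REQUESTS)
    # Same request graph, two provider definitions of "read": output suitable for audit.
    print(json.dumps(fulfill(graph, DEFAULT_MAP), indent=2))
    print(json.dumps(fulfill(graph, STRICT_MAP), indent=2))
```

The generated document is the audit artifact: each service receives only the actions its declared intents map to, and diffing the two outputs shows exactly what narrowing "read" removed.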