Is your feature request related to a problem? Please describe.
In regulated industries every manual action taken in production systems needs to be accounted for. With the current access controls in Temporal Cloud it's only possible to grant access at the namespace level, though. In strictly regulated industries we might need to enforce controls like the four-eyes principle and only allow actions on a strictly defined set of workflows. An ideal flow would look like this:
- Production incident is raised for workflows with metadata x=y
- Identity Governance and Administration (IGA) system grants temporary access for these workflows
- Engineers take action on specific workflows
- Access is revoked
Describe the solution you'd like
To provide the most flexibility, Temporal Cloud should integrate with a PDP (Policy Decision Point), sending the necessary metadata for the PDP to make the correct decision. The PDP has all the required information to make the right call.
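As an added illustration (not Temporal Cloud code, nor any real PDP product), the following Python sketch models the decision such a PDP would make for the flow above: the IGA system issues a temporary grant scoped by workflow metadata, two distinct approvers other than the subject are required (four-eyes), the grant expires on its own, and every decision is emitted as an audit record whether it was allowed or not. All names (Grant, AccessRequest, evaluate, the search-attribute key incident) and the sample data are assumptions made for this example.

```python
"""Hypothetical PDP for Temporal workflow actions (added example, not Temporal's code)."""
from __future__ import annotations

import json
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

MIN_APPROVERS = 2  # four-eyes: two distinct approvers, neither of them the subject


@dataclass(frozen=True)
class Grant:
    grant_id: str
    subject: str              # engineer who received the temporary access
    namespace: str
    actions: frozenset        # e.g. frozenset({"signal", "terminate"})
    metadata_match: dict      # search attributes the target workflow must carry
    approvers: frozenset      # identities that approved the grant
    not_before: datetime
    expires_at: datetime


@dataclass(frozen=True)
class AccessRequest:
    subject: str
    namespace: str
    action: str
    workflow_id: str
    workflow_metadata: dict   # search attributes of the target workflow, sent by the enforcement point
    at: datetime


@dataclass(frozen=True)
class Decision:
    allow: bool
    reason: str
    grant_id: Optional[str] = None


def check_grant(grant: Grant, req: AccessRequest) -> Optional[str]:
    """Return None if the grant authorizes the request, otherwise the reason it does not."""
    if grant.subject != req.subject:
        return "subject mismatch"
    if grant.namespace != req.namespace:
        return "namespace mismatch"
    if req.action not in grant.actions:
        return f"action {req.action!r} not covered"
    if not (grant.not_before <= req.at < grant.expires_at):
        return "grant not active at request time"
    if len(grant.approvers - {grant.subject}) < MIN_APPROVERS:
        return "four-eyes requirement not met"
    for key, wanted in grant.metadata_match.items():
        actual = req.workflow_metadata.get(key)
        if actual != wanted:
            return f"workflow metadata {key}={actual!r} does not match {wanted!r}"
    return None


def evaluate(grants: list, req: AccessRequest) -> Decision:
    """Allow if any grant covers the request; otherwise deny with every grant's failure reason."""
    reasons = []
    for grant in grants:
        failure = check_grant(grant, req)
        if failure is None:
            return Decision(True, f"authorized by grant {grant.grant_id}", grant.grant_id)
        reasons.append(f"{grant.grant_id}: {failure}")
    return Decision(False, "; ".join(reasons) or "no grants for subject")


def audit_record(req: AccessRequest, decision: Decision) -> str:
    """One JSON line per evaluated action, so denied attempts are accounted for too."""
    return json.dumps({
        "time": req.at.isoformat(),
        "subject": req.subject,
        "namespace": req.namespace,
        "action": req.action,
        "workflow_id": req.workflow_id,
        "allow": decision.allow,
        "grant_id": decision.grant_id,
        "reason": decision.reason,
    }, sort_keys=True)


# Constructed sample data: a two-hour grant the IGA system issued for one incident's workflows.
NOW = datetime(2024, 5, 1, 10, 0, tzinfo=timezone.utc)
INCIDENT_GRANT = Grant(
    grant_id="grant-0001",
    subject="alice@example.com",
    namespace="payments.prod",
    actions=frozenset({"signal", "terminate"}),
    metadata_match={"incident": "INC-0042"},
    approvers=frozenset({"bob@example.com", "carol@example.com"}),
    not_before=NOW,
    expires_at=NOW + timedelta(hours=2),
)


def request(action: str, workflow_metadata: dict, hours_after: float = 0,
            subject: str = "alice@example.com") -> AccessRequest:
    """Build a constructed request against the sample namespace at NOW + hours_after."""
    return AccessRequest(subject, "payments.prod", action, "wf-123",
                         workflow_metadata, NOW + timedelta(hours=hours_after))


if __name__ == "__main__":
    for req in (request("terminate", {"incident": "INC-0042"}),
                request("terminate", {"incident": "INC-0099"}),
                request("terminate", {"incident": "INC-0042"}, hours_after=3)):
        print(audit_record(req, evaluate([INCIDENT_GRANT], req)))
```

The enforcement point (the Temporal UI or CLI in the requested integration) would send the workflow's search attributes along with the action, and the PDP alone decides; revocation is just the grant's expiry or its removal from the grant list.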
Describe alternatives you've considered
- Develop/fork a custom dashboard that implements the necessary access controls. This requires a significant amount of work.
- Add a full-blown IAM system like AWS's or similar. These often only allow for static rules and would require workarounds to make JIT FGA access feasible, e.g. provisioning the required metadata via SCIM on users and using the IAM system to evaluate this data for access.
- Temporal itself providing FGA. I think this would make integration in existing FGA systems quite complex.
Additional context
Unfortunately there's no industry-wide standard for PDPs yet, so a custom adapter will always be required until the industry matures.
AWS has a nice whitepaper on the best practices here.