App doesn't require access to all the permission it supports in the trust policy file #581
Assignees
Labels
documentation
Improvements or additions to documentation
Comments
|
Yes, because this field's type literally comes from Google's library for the GitHub API, so the permissions we would need to ask for is "literally everything". We plan to do quarterly releases and roll up new permissions into those releases (since it requires folks to hit "re-install" on the app), so if you have requests for permissions you need, please let us know. @cpanato did we document ☝️ somewhere? |
|
no, i will do that |
|
@mattmoor thanks for the reply, I'd request permissions for access
which are in general security releated aspects that one may need to access |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The list of available permissions to ask in a trust policy file is wider than the one requested by the installed app.
See for example security_events, which is not accessible by the app
app/iac/sts_exchange.schema.json
Line 274 in bae5250
The text was updated successfully, but these errors were encountered: