>_
.issue.db
/highway-workflow-engine
Dashboard
Issues
Memory
Lessons
Audit Log
New Issue
Edit Issue #318
Update issue details
Title *
Description
## Problem The manage_secrets permission was added to rbac_roles.py for tenant_admin role, but fresh deployments using bootstrap_rbac.py may not have this permission if: 1. Existing tenants were created before the change 2. Bootstrap doesn't refresh existing role permissions ## Current State - rbac_roles.py has manage_secrets in PREDEFINED_ROLES - initialize_tenant_roles() creates roles with permissions - But existing tenants don't get updated automatically ## Fix Required 1. Add migration script to add manage_secrets to existing tenant_admin roles 2. Ensure bootstrap_rbac.py handles permission updates for existing roles 3. Add idempotent role permission sync ## Acceptance Criteria - Fresh deployment has manage_secrets on tenant_admin - Existing tenants get manage_secrets added via migration - Bootstrap is idempotent (can run multiple times safely) - Add view_secrets permission for read-only access
Priority
Low
Medium
High
Critical
Status
Open
In Progress
Closed
Won't Do
Due Date (YYYY-MM-DD)
Tags (comma separated)
Related Issues (IDs)
Enter IDs of issues related to this one. They will be linked as 'related'.
Update Issue
Cancel