🚀 RBAC: Add "Permissions by Plugin" matrix view #8377
Description
Workspace
rbac
🔖 Feature description
Add a "By Plugin" matrix view to the RBAC plugin UI that shows all roles vs all permissions, grouped by plugin. This would complement the existing role-centric view with a plugin-centric overview.
The matrix would display:
- Rows: Roles
- Columns: Permissions grouped by plugin
- Cells: Allow / Deny / Conditional
The data is already available via the existing RBAC API endpoints (GET /roles, /policies, /plugins/policies, /roles/conditions), so this would be a frontend-only change.
🎤 Context
The current RBAC UI only provides a role-centric view, we click into each role to see its permissions. As the number of plugins and roles grows, it becomes difficult to:
- Audit which roles can access a specific plugin's permissions
- Compare access levels across roles for the same plugin
- Get a full picture of permissions across all plugins at a glance
We currently maintain a manual Confluence page tracking roles and permissions per plugin, which is error-prone and frequently out of date. A matrix view in the RBAC UI would eliminate the need for manual tracking.
✌️ Possible Implementation
Add a new tab (e.g. "By Plugin") to the existing RbacPage that renders a matrix table. The data can be fetched from the existing API endpoints:
- GET /plugins/policies: plugin permission metadata (column headers)
- GET /roles: roles with members (row headers)
- GET /policies: role-to-permission mappings (cell values)
- GET /roles/conditions: conditional policies (cell annotations)
Optional enhancements: filtering by plugin/role/action, CSV export, links to role detail page.
👀 Have you spent some time to check if this feature request has been raised before?
- I checked and didn't find similar issue
🏢 Have you read the Code of Conduct?
- I have read the Code of Conduct
Are you willing to submit PR?
Yes I am willing to submit a PR!