From c9f3a620a4b4c1916e0941cb5624dcd636f06d06 Mon Sep 17 00:00:00 2001
From: Thomas
Date: Mon, 23 Oct 2023 07:08:26 +0800
Subject: [PATCH] Merge pull request from GHSA-rjxg-rpg3-9r89

* feat: remove the config_read scope from the viewer role
* feat: remove the CONFIG_READ scope from the contributor role as well
---
 src/fides/api/oauth/roles.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/fides/api/oauth/roles.py b/src/fides/api/oauth/roles.py
index 9b52d79401..eaba96c6ff 100644
--- a/src/fides/api/oauth/roles.py
+++ b/src/fides/api/oauth/roles.py
@@ -86,7 +86,6 @@ class RoleRegistryEnum(Enum):
 viewer_scopes = [ # Intentionally omitted USER_PERMISSION_READ
 CLI_OBJECTS_READ,
 CLIENT_READ,
- CONFIG_READ,
 CONNECTION_READ,
 CONSENT_READ,
 CONSENT_SETTINGS_READ,
@@ -126,6 +125,7 @@ class RoleRegistryEnum(Enum):
 MESSAGING_CREATE_OR_UPDATE,
 MESSAGING_DELETE,
 PRIVACY_REQUEST_NOTIFICATIONS_CREATE_OR_UPDATE,
+ CONFIG_READ,
 CONFIG_UPDATE,
 USER_PERMISSION_ASSIGN_OWNERS,
 ]
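Review bot: The `viewer_scopes` list in the first hunk now leaves out two scopes on purpose, but its comment still names only one, so a later alphabetical tidy-up could restore `CONFIG_READ` without anyone noticing; extend it to `# Intentionally omitted USER_PERMISSION_READ and CONFIG_READ (GHSA-rjxg-rpg3-9r89)`. The diffstat shows only roles.py changed, so nothing pins the new behaviour; a test asserting that `CONFIG_READ` is absent from the viewer and contributor scope sets would catch a regression. Whether scopes are resolved from the role on every request or copied onto client records and tokens when they are issued is not visible here; in the second case existing viewer credentials would keep the scope until reissued, which is worth confirming before treating the advisory as closed. The list starts inside the hunk and continues past its end.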
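Review bot: The added `CONFIG_READ` entry in the second hunk removes the scope from the contributor role only if this list is subtracted from the full scope set, and neither the list's name nor that subtraction is visible in the hunk, so the line reads like a grant. A comment on the entry such as `# withheld from contributor, see GHSA-rjxg-rpg3-9r89` would make the intent clear at the point of change. If the role is indeed built by exclusion, every scope added to the registry later is granted to contributors by default unless someone remembers to list it here; an explicit allow-list, as `viewer_scopes` uses, fails closed instead. The list begins outside the hunk.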