The “guest” (unauthenticated) user for open-balena has the following permissions:
- cpu_architecture: read
- device_type: read
- device_type_alias: read
- device_family: read
- device_manufacturer: read
- application: read (is_public eq true and is_for__device_type/canAccess())
- release: read (belongs_to__application/any(a:a/is_public eq true and is_for__device_type/canAccess()))
- service: read (application/any(a:a/is_public eq true and is_for__device_type/canAccess()))
- image: read (is_a_build_of__service/any(s:s/application/any(a:a/is_public eq true and is_for__device_type/canAccess())))
- application_tag: read (application/any(a:a/is_public eq true and is_for__device_type/canAccess()))
- release_tag: read (release/any(r:r/belongs_to__application/any(a:a/is_public eq true and is_for__device_type/canAccess())))
- image__is_part_of__release: read (is_part_of__release/any(r:r/belongs_to__application/any(a:a/is_public eq true and is_for__device_type/canAccess())))
For the last few that only allow access if we publish apps/services/images/etc as public, I suppose this is fine (as we just won’t do that), but why are the first few unconditionally exposed?
Any harm in locking them down or just deleting the “guest” user all together?