@christothes
Last active June 18, 2020 23:34
Proposal for generalized RBAC for management and data planes

RoleAssignmentScope and RoleAssignmentPermission:

All contained within RBAC. Implicit cast to string, so that scope remains a string arg. RoleAssignmentScope itself can go to Core and maintain the global inventory of scopes?

Permissions can go the same way. Ideally each service swagger would express its permissions as an extensible enum in swagger.

The current thinking was to represent individual permissions (Actions, DataActions, etc) as extensible enums with a helper extension method like ToPermissionStrings that converts Lists of them into a List<string>.

This has a few benefits:

  • Each service could maintain their extensible enum that is appropriate for its resources, providing strongly typed permissions
  • The common RBAC API still accepts the lowest common denominator which is lists of string so we don't need one big enum with all possible permissions
  • Power users can interact using only string if they like

The downside is that we'd need to provide the hints of how to use the extensible enum via comments, documentation, and samples.
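
The pattern described above in C#, as an added example that is not code from this gist or from any SDK. `WidgetDataAction`, `CreateRoleDefinition` and the `Contoso.Widgets/...` permission strings are hypothetical and constructed for illustration; only the helper name `ToPermissionStrings` comes from the proposal, and case-insensitive comparison of permission strings is an assumption.

```csharp
using System;
using System.Collections.Generic;
using System.Linq;

// Hypothetical per-service extensible enum: known values are static properties,
// but any string is accepted, so a new service permission does not break callers.
public readonly struct WidgetDataAction : IEquatable<WidgetDataAction>
{
    private readonly string _value;
    public WidgetDataAction(string value) =>
        _value = value ?? throw new ArgumentNullException(nameof(value));

    // Constructed permission strings, not taken from any real resource provider.
    public static WidgetDataAction Read { get; } = new WidgetDataAction("Contoso.Widgets/widgets/read/action");
    public static WidgetDataAction Delete { get; } = new WidgetDataAction("Contoso.Widgets/widgets/delete/action");

    public static implicit operator WidgetDataAction(string value) => new WidgetDataAction(value);
    // Assumption: permission strings compare case-insensitively.
    public bool Equals(WidgetDataAction other) =>
        string.Equals(_value, other._value, StringComparison.OrdinalIgnoreCase);
    public override bool Equals(object obj) => obj is WidgetDataAction other && Equals(other);
    public override int GetHashCode() => StringComparer.OrdinalIgnoreCase.GetHashCode(_value ?? string.Empty);
    public override string ToString() => _value;
}

public static class WidgetDataActionExtensions
{
    // Helper named in the proposal: typed permissions in, List<string> out.
    // Duplicates are dropped so the role definition lists each permission once.
    public static List<string> ToPermissionStrings(this IEnumerable<WidgetDataAction> actions) =>
        actions.Distinct().Select(a => a.ToString()).ToList();
}

public static class Program
{
    // Stand-in for the common RBAC API, which only ever sees strings.
    static void CreateRoleDefinition(string name, List<string> dataActions) =>
        Console.WriteLine($"{name}: {string.Join(", ", dataActions)}");

    public static void Main()
    {
        var typed = new List<WidgetDataAction> { WidgetDataAction.Read, WidgetDataAction.Read };
        CreateRoleDefinition("widget-reader", typed.ToPermissionStrings());

        // Power-user path: a raw string for a permission the enum does not list yet.
        var mixed = new List<WidgetDataAction> { WidgetDataAction.Delete, "Contoso.Widgets/widgets/export/action" };
        CreateRoleDefinition("widget-admin", mixed.ToPermissionStrings());
    }
}
```

Because the raw-string path accepts any value, a mistyped permission is not caught by the type; reviewing the final string list that reaches the role definition remains part of a least-privilege check.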
