html_url,issue_url,id,node_id,user,created_at,updated_at,author_association,body,reactions,issue,performed_via_github_app
https://github.com/simonw/datasette/issues/1636#issuecomment-1334759315,https://api.github.com/repos/simonw/datasette/issues/1636,1334759315,IC_kwDOBm6k_c5Pjs-T,9599,2022-12-02T04:46:32Z,2022-12-02T04:46:32Z,OWNER,"Thankfully all of the logic for this already lives in just one place:
https://github.com/simonw/datasette/blob/d7e5e3c9f98d194fdfb12f1ecc60ed5b3afbc464/datasette/default_permissions.py#L23-L59","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1138008042,
https://github.com/simonw/datasette/issues/1636#issuecomment-1334758766,https://api.github.com/repos/simonw/datasette/issues/1636,1334758766,IC_kwDOBm6k_c5Pjs1u,9599,2022-12-02T04:45:16Z,2022-12-02T04:45:16Z,OWNER,"Also, this is another thing which should live in `config.yml` rather than being crammed into `metadata.yml` - but I can fix that when I address:
- #493","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1138008042,
https://github.com/simonw/datasette/issues/1636#issuecomment-1334757597,https://api.github.com/repos/simonw/datasette/issues/1636,1334757597,IC_kwDOBm6k_c5Pjsjd,9599,2022-12-02T04:42:35Z,2022-12-02T04:42:35Z,OWNER,"Should I call this key `permissions` or something else?
Some options:
- `permissions`
- `perms` - shorter to type
- `allow` - I like the word, but might be confusing to change its meaning since we use it already","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1138008042,
https://github.com/simonw/datasette/issues/1636#issuecomment-1334673179,https://api.github.com/repos/simonw/datasette/issues/1636,1334673179,IC_kwDOBm6k_c5PjX8b,9599,2022-12-02T02:07:20Z,2022-12-02T04:27:07Z,OWNER,"So the new mechanism needs to extend that to handle all of the other permissions as well.
The simplest design I can think of is this (here illustrated using YAML):
```yaml
# instance-level permissions - give every logged in user the debug menu:
permissions:
  debug-menu:
    id: ""*""
databases:
  content:
    # Allow bob to create-table in the content database
    permissions:
      create-table:
        id: bob
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1138008042,
https://github.com/simonw/datasette/issues/1636#issuecomment-1334666806,https://api.github.com/repos/simonw/datasette/issues/1636,1334666806,IC_kwDOBm6k_c5PjWY2,9599,2022-12-02T01:58:40Z,2022-12-02T02:00:53Z,OWNER,"Current design:
```json
{
    ""databases"": {
        ""private"": {
            ""allow"": {
                ""id"": ""*""
            }
        }
    }
}
```
This can be applied at the instance, database, table or query level within the nested JSON.
https://docs.datasette.io/en/stable/authentication.html#controlling-access-to-specific-databases
It's actually controlling the following permissions:
- `view-instance`
- `view-database`
- `view-table`
- `view-query`
There's also a special case for allowing SQL queries, at the instance and database level:
```json
{
    ""databases"": {
        ""mydatabase"": {
            ""allow_sql"": {
                ""id"": ""root""
            }
        }
    }
}
```","{""total_count"": 0, ""+1"": 0, ""-1"": 0, ""laugh"": 0, ""hooray"": 0, ""confused"": 0, ""heart"": 0, ""rocket"": 0, ""eyes"": 0}",1138008042,