From 39483f8ca818f38ecca9f951e67b66441a4ad20c Mon Sep 17 00:00:00 2001
From: Pedro Maia Costa <550684+pnmcosta@users.noreply.github.com>
Date: Fri, 25 Apr 2025 15:04:25 +0100
Subject: [PATCH] [management] Auditor role (#3721)
---
 management/server/permissions/roles/auditor.go | 16 ++++++++++++++++
 .../server/permissions/roles/role_permissions.go | 7 ++++---
 management/server/types/user.go | 3 +++
 3 files changed, 23 insertions(+), 3 deletions(-)
 create mode 100644 management/server/permissions/roles/auditor.go
diff --git a/management/server/permissions/roles/auditor.go b/management/server/permissions/roles/auditor.go
new file mode 100644
index 000000000..33d8651f4
--- /dev/null
+++ b/management/server/permissions/roles/auditor.go
@@ -0,0 +1,16 @@
+package roles
+
+import (
+ "github.com/netbirdio/netbird/management/server/permissions/operations"
+ "github.com/netbirdio/netbird/management/server/types"
+)
+
+var Auditor = RolePermissions{
+ Role: types.UserRoleAuditor,
+ AutoAllowNew: map[operations.Operation]bool{
+ operations.Read: true,
+ operations.Create: false,
+ operations.Update: false,
+ operations.Delete: false,
+ },
+}
diff --git a/management/server/permissions/roles/role_permissions.go b/management/server/permissions/roles/role_permissions.go
index dda7e6b99..aca812fe2 100644
--- a/management/server/permissions/roles/role_permissions.go
+++ b/management/server/permissions/roles/role_permissions.go
@@ -15,7 +15,8 @@ type RolePermissions struct {
 type Permissions map[modules.Module]map[operations.Operation]bool
 var RolesMap = map[types.UserRole]RolePermissions{
- types.UserRoleOwner: Owner,
- types.UserRoleAdmin: Admin,
- types.UserRoleUser: User,
+ types.UserRoleOwner: Owner,
+ types.UserRoleAdmin: Admin,
+ types.UserRoleUser: User,
+ types.UserRoleAuditor: Auditor,
 }
diff --git a/management/server/types/user.go b/management/server/types/user.go
index 5f7a4f2cb..419e688f5 100644
--- a/management/server/types/user.go
+++ b/management/server/types/user.go
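Review bot: The `Auditor` definition in auditor.go sets only `AutoAllowNew` and no per-module overrides, so `operations.Read: true` presumably applies to every module, including ones added later; how `AutoAllowNew` is evaluated is outside this diff, so this should be confirmed. For a read-only role that default deserves to be a deliberate decision, because any module whose read responses carry credentials or key material would then be visible to auditors unless it is explicitly denied for this role. The exported variable also has no doc comment; `// Auditor is a read-only role: Read is allowed on every module by default, Create, Update and Delete are denied.` would record the intent next to the definition.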
@@ -15,6 +15,7 @@ const (
 UserRoleUser UserRole = "user"
 UserRoleUnknown UserRole = "unknown"
 UserRoleBillingAdmin UserRole = "billing_admin"
+ UserRoleAuditor UserRole = "auditor"
 UserStatusActive UserStatus = "active"
 UserStatusDisabled UserStatus = "disabled"
@@ -35,6 +36,8 @@ func StrRoleToUserRole(strRole string) UserRole {
 return UserRoleUser
 case "billing_admin":
 return UserRoleBillingAdmin
+ case "auditor":
+ return UserRoleAuditor
 default:
 return UserRoleUnknown
 }
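Review bot: In the second user.go hunk, `StrRoleToUserRole` now maps the string `auditor` to a valid role instead of `UserRoleUnknown`, so any caller that validates an incoming role only by rejecting `UserRoleUnknown` will start accepting it. Which callers do that, and who is allowed to grant the new role, is not visible in this diff and should be checked before merging. The new case also repeats the literal from the constant added in the first hunk; `case string(UserRoleAuditor):` would keep the two from drifting, although the existing cases use literals too. A table test covering `"auditor"` and a near miss such as `"Auditor"` (which falls through to `default`) would pin the mapping. The switch itself starts above the hunk.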