Skip to content

feat: PBAC UI — data purposes, data consumers, and query log config#7700

Draft
galvana wants to merge 6 commits intofeat/dataset-data-purposesfrom
feat/pbac-ui-management
Draft

feat: PBAC UI — data purposes, data consumers, and query log config#7700
galvana wants to merge 6 commits intofeat/dataset-data-purposesfrom
feat/pbac-ui-management

Conversation

@galvana
Copy link
Contributor

@galvana galvana commented Mar 19, 2026

Ticket [ENG-XXXX]

Dependency: Requires fidesplus#3247 for the backend PBAC API endpoints

Description Of Changes

Add the admin UI for managing purpose-based access control (PBAC) entities. Three feature areas:

Data purposes management (/data-purposes)

  • List page with Ant Table, search, pagination
  • Add/edit pages using Ant Design v5 Form (Form.useForm, Form.Item)
  • Form mirrors privacy declaration fields: data use (taxonomy select), data categories, data subjects, legal basis, retention period, special category legal basis, features
  • Delete confirmation modal with scope-based access control

Data consumers management (/data-consumers)

  • List page with Ant Table, search, pagination
  • Add/edit pages with purpose assignment via multi-select
  • Consumer types: service, application, group, user
  • Delete confirmation modal with scope-based access control

Query log config (integration detail tab)

  • Settings toggle panel (not CRUD table) — enable/disable with poll interval
  • Inline Test connection and Poll now action buttons
  • Registered for BigQuery and test_datastore (mock) integration types
  • test_datastore connections always pass connection test (no secrets needed)

All pages gated behind alphaPurposeBasedAccessControl feature flag and requiresPlus.

Code Changes

  • features/data-purposes/ — 8 files: RTK slice, table, form, delete modal, actions cell, constants, barrel
  • features/data-consumers/ — 8 files: RTK slice, table, form, delete modal, actions cell, constants, barrel
  • features/integrations/configure-query-log/ — 6 files: RTK slice, tab, table hook, modal, actions cell, constants
  • pages/data-purposes/ — 3 pages: list, add, edit
  • pages/data-consumers/ — 3 pages: list, add, edit
  • features/common/nav/routes.ts — 8 new route constants
  • features/common/nav/nav-config.tsx — 2 nav items under Core Configuration
  • features/common/api.slice.ts — 3 cache tags
  • types/api/models/ScopeRegistryEnum.ts — 12 scope enums
  • types/api/models/IntegrationFeature.ts — QUERY_LOGGING enum
  • features/integrations/add-integration/allIntegrationTypes.tsx — test_datastore type info
  • features/integrations/integration-type-info/bigqueryInfo.tsx — QUERY_LOGGING feature
  • features/integrations/hooks/useFeatureBasedTabs.tsx — Query logging tab
  • src/fides/service/connection/connection_service.py — test types always pass connection test

Steps to Confirm

  1. Start dev: nox -s "dev(slim)" -- fides-pkg fides-admin-ui
  2. Enable alphaPurposeBasedAccessControl feature flag
  3. Navigate to Core Configuration > Data purposes — create, edit, delete a purpose
  4. Navigate to Core Configuration > Data consumers — create with purpose assignment, edit, delete
  5. Navigate to Integrations > create a test_datastore integration > Query logging tab > enable, test, poll
  6. Confirm lint/typecheck: cd clients/admin-ui && npm run lint && npm run typecheck

Pre-Merge Checklist

  • All CI Pipelines Succeeded
  • New features have been verified on (and/or added to) Demo Environment using nox -s dev -- demo
  • Documentation:
    • if there are any new client scopes created as part of the pull request, remember to update public-facing documentation that references our scope registry
  • Issue Requirements are Met
  • Optional: Follow-Up Issues Created
  • Update CHANGELOG.md

@claude
feat: PBAC UI — data purposes, data consumers, and query log config
9dace64 
Add admin UI for managing purpose-based access control (PBAC) entities:

Data purposes & data consumers management pages:
- List pages with Ant Table, search, pagination under Core Configuration
- Add/edit pages using Ant Design v5 Form (Form.useForm, Form.Item)
- Data purpose form mirrors privacy declaration fields (data use, categories,
  subjects, legal basis, retention, special category, features)
- Data consumer form includes purpose assignment via multi-select
- Delete confirmation modals with scope-based access control
- RTK Query slices with cache invalidation (DataPurpose, DataConsumer tags)
- Nav registration gated behind alphaPurposeBasedAccessControl flag

Query log config integration tab:
- Settings toggle panel on integration detail page (not CRUD table)
- Enable/disable switch with poll interval selector
- Inline Test connection and Poll now action buttons
- RTK Query slice for query log config CRUD + test + poll endpoints
- Tab registered for BigQuery and test_datastore (mock) integration types
- test_datastore connections always pass connection test (no secrets needed)

Infrastructure:
- 12 new OAuth scope enums (DATA_PURPOSE_*, DATA_CONSUMER_*, QUERY_LOG_SOURCE_*)
- 3 new cache tags (DataPurpose, DataConsumer, QueryLogConfig)
- IntegrationFeature.QUERY_LOGGING enum value
- test_datastore integration type info with QUERY_LOGGING feature
- Connection test always succeeds for test_datastore/test_website types

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@vercel
Copy link
Contributor

vercel bot commented Mar 19, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

2 Skipped Deployments
Project Deployment Actions Updated (UTC)
fides-plus-nightly Ignored Ignored Preview Mar 19, 2026 5:25pm
fides-privacy-center Ignored Ignored Mar 19, 2026 5:25pm

Request Review

@claude
feat: add Seed Data developer page for triggering seed scenarios
a41d177 
Adds a new "Seed Data" page under the Developer nav (dev-only) that
lets users select and trigger seed scenarios via the seed API. Includes
RTK Query slice with status polling and cache tag invalidation mapped
per seed task. Currently supports the PBAC scenario.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude
fix: disable query logging via update instead of delete
13850c0 
Toggling the query log switch off now sends PUT {enabled: false}
instead of DELETE, preserving the config and its watermark so
re-enabling resumes from where it left off.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude
fix: use valid page size for data purposes query in consumer form
79e6e5d 
The form was requesting size=500 but the API enforces max 100,
causing a validation error and an empty dropdown.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
@claude
fix: use white text on in-progress badge in seed data page
3f17cde 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@galvana