Comment by noisy_boy

4 hours ago

I definitely empathize but:

> There is no role-based access control for the Railway API — every token is effectively root. The Railway community has been asking for scoped tokens for years. It hasn't shipped.

Why the hell did you go with their stack then? RBAC should be table stakes for such a solution, no?

1 comment

noisy_boy

pjc50 3 hours ago

Ironic given that real railways invented the access control "token" for safety purposes in the middle of the nineteenth century: https://en.wikipedia.org/wiki/Token_(railway_signalling)