The idea is:
I propose a feature that allows Node Access Control by Project Folder.
This feature would enable users to selectively enable or disable specific nodes (like the Execute Command node, or any other node) on a per-project-folder basis. This would involve a new configuration setting, likely in the administration or project settings, to define which nodes are permitted within workflows in a given folder.
My use case:
Example
- We have a “System” project folder dedicated to infrastructure maintenance and deployment workflows. In this folder, the Execute Command node is essential and must be allowed. This will allow us to execute n8n cli commands.
- All other project folders (Development, Marketing Automations, HR, etc.) should have the Execute Command node disabled to prevent developers or users from accidentally or maliciously running arbitrary commands on the host system.
I think it would be beneficial to add this because:
Enhanced Security: It directly addresses the risk of unauthorized commands being executed from less-controlled workspaces, mitigating potential security vulnerabilities.
Better Governance: It allows administrators to enforce policies on where certain powerful nodes can be used, ensuring that critical operations are only built and run in designated, audited folders.
Any resources to support this?
This is a governance feature similar to Role-Based Access Control (RBAC) but applied at the Node/Folder level.
Are you willing to work on this?
I am willing to clarify the requirements, provide feedback, and help test the feature as well as help with development. I am a software developer and have experience working with nodejs.