How to add a permission to existing role?

Hello,

I have learned that we currently do not support adding permissions to
an existing role:

role "Existing Role", [:existing_perm, :new_perm]

In this case, new_perm is simply ignored.

Can someone give me a hint, what is the standard practice here to add a
permission(s)?

It looks like there is a constraint in the code to skip adding
permissions if there are existing ones. I tried to remove this
constraint but I was unable to understand what is going on (got some
validation taxonomy exceptions).

-- Later, Lukas #lzap Zapletal

> Can someone give me a hint, what is the standard practice here to add a
> permission(s)?

It looks like core does not use this, but the seeds.d approach.

Well, both Discovery and Bootdisk plugins have similar bugs and we need
to add permissions in a more simple way than adding a new migration.
Created Feature #10900: Ship all built-in roles as read-only and provide a way to clone roles - Foreman

-- Later, Lukas #lzap Zapletal

> Well, both Discovery and Bootdisk plugins have similar bugs and we need
> to add permissions in a more simple way than adding a new migration.
> Created Feature #10900: Ship all built-in roles as read-only and provide a way to clone roles - Foreman

Looks like this is a feature!

We do not want to add permissions back when roles are modified by
administrators. Therefore users need to add the permissions themselves.
Until roles are read-only or we have some kind of validation that would
ask the admin to add a missing permission, that's the only way, I think.

-- Later, Lukas #lzap Zapletal