I want to ensure worker authorization upon execution, signal, or query. For example, is this worker authorized to execute a given query against the given workflow execution. Another example: provide broad access to query a workflow execution and limit access to signal a workflow execution.
I see the execution intercepter and do not see signal or query interceptors - which if these exist I believe they’d fulfill my need.
I’m unclear if Temporal’s authorization API can operate at this granularity. If it can operate at that granularity, I’d like to be able to use Temporal’s hosted solution and I’m unclear if I’d have access to add my own authorizer.
The isolation provided by namespaces is too blunt a tool for the desired granularity.
What options do I have to check signal and query authorization?