Problem/Motivation
Permissions are properties of user roles and are deployed as such.
This makes it difficult to define permissions for modules that are only in some environments or have some permissions to be different in different environments.
Proposed resolution
Permissions can be split off with a new role split ConfigFilter and a config entity defining which permissions to add/remove from which role.
This can be done in three ways:
a) New standalone module project on drupal.org
b) As a sub-module for config_split
c) As a part of config_split
Remaining tasks
Decide which approach to take. Commit code. Celebrate.
User interface changes
The new configuration entity will come with a form and we will have to find a good way for defining which permissions to split from which roles.
API changes
None, we would just add another ConfigFilter plugin.
Data model changes
During the running of the site nothing would change, permissions and roles continue to work as they do now when they are in the active storage. However when they are exported the permissions get split out.
Original issue description:
How to support adding some permissions to user.anonoymous.permisisons?
I am not sure how to suggest it properly.
My use case is the one in the title.
I have devel enabled on local machines properly using config_split for that. I would like to give 'access devel information'. I could use the grey list, but that would mean that if I configure other permissions that I do want them to be used in production they won't be properly populated.
I am thinking one possible way is giving the option to support a merge config entry or something of the like, so instead of one overwriting the production one it will just merge it. It could be manually written or maybe it could be provided on settings.php and you simply merge it?
