Option to Restrict Primary Domain

[jflattery]

In Pangolin, the primary domain appears to be usable by all organizations by default, which can cause access conflicts or security concerns in multi-organization setups. For instance, in environments with multiple organizations managing their own sites and resources, admins need a way to prevent automatic access to the primary domain to enforce stricter controls.

Introduce a configuration option to restrict the primary domain from default usage by organizations. Once restricted, allow admins to explicitly assign the primary domain to specific organizations (e.g., via the admin interface for managing organizations, sites, users, and roles). This could include:

• A global setting toggle (e.g., "Restrict primary domain to assigned organizations only").
• An assignment mechanism in the UI, where the primary domain can be linked to selected organizations, integrating with existing role-based access control (RBAC) for resources.

[oschwartz10612]

Hi! Thanks for the suggestion!

I think what would be best here would be to remove the primary domain from the domains section of the config file and add it only to the orgs you need using the new UI domain management in the dashboard. This way it would only be in the orgs you need. Would this work?

But would be interested in feedback for this.

[jflattery]

Thanks, I'll give that a try and report back.