Goal:

To establish a clear, secure, and efficient process for granting user permissions to Konflux tenants and associated resources. This will replace manual ad-hoc requests, reduce administrative overhead, and ensure that users can get the access they need to perform their duties in a timely and auditable manner.

Acceptance Criteria:

• A user can submit a request for access to a specific Konflux tenant using a standardized Jira ticket.

• The request form clearly captures the user's identity, the required tenant, the specific permission level needed (e.g., Admin, Developer, Read-Only), and a business justification.

• Designated approvers are automatically notified of a new access request.

• Approvers can approve or deny the request.

• The requesting user receives a notification confirming that their access has been granted and can successfully log in and use the Konflux tenant with the correct permissions.

• The entire process, from request to approval and provisioning, is logged in Jira.

• A clear process is defined for revoking permissions when a user changes roles or leaves the company.

Open questions:

• What are the specific roles and permission sets we need to define within Konflux? (e.g., what can a "Developer" do vs. a "Read-Only" user?)

• What are the "other stuff" / associated resources that should be included in this process?

• Who are the designated approvers for each Konflux tenant and associated resource?

• Will we require periodic access reviews to ensure permissions remain appropriate over time?

• How will this process handle requests for temporary access or for service accounts?