Epic Goal

• The role GLOBAL_READONLY_SUPER_USERS must allows members to read anything in Quay.

Why is this important?

• For security auditing purposes, users are requesting that there be a superuser that lacks write access but can read anything. They want to be able to use LDAP to select the users.

Scenarios

1. The GLOBAL_READONLY_SUPER_USERS role exists and users can be added to it via LDAP or list.
2. The role allows unrestricted read access to anything in Quay.

Acceptance Criteria

• CI - MUST be running successfully with tests automated
• Release Technical Enablement - Provide necessary release enablement details and documents.
• ...

Dependencies (internal and external)

1. ...

Previous Work (Optional):

1. We had previously attempted to implement this, however, a few bugs and limitations have appeared. The focus of this Epic is largely on allowing unrestricted access to anything in Quay and allowing users to define members via LDAP.
2. See linked bugs for functionality that needs to be addresses
3. https://issues.redhat.com/browse/PROJQUAY-2604

Open questions::

1. ...

Done Checklist

• CI - CI is running, tests are automated and merged.
• Release Enablement <link to Feature Enablement Presentation>
• DEV - Upstream code and tests merged: <link to meaningful PR or GitHub Issue>
• DEV - Upstream documentation merged: <link to meaningful PR or GitHub Issue>
• DEV - Downstream build attached to advisory: <link to errata>
• QE - Test plans in Polarion: <link or reference to Polarion>
• QE - Automated tests merged: <link or reference to automated tests>
• DOC - Downstream documentation merged: <link to meaningful PR>