Uploaded image for project: 'Red Hat OpenShift Data Science'
  1. Red Hat OpenShift Data Science
  2. RHODS-1079

FUTURE GA: Enabling users after install

    XMLWordPrintable

Details

    • Enabling users after install
    • False
    • False
    • No
    • To Do
    • 80
    • 80% 80%
    • Undefined
    • No
    • Pending
    • None

    Description

      The MODH service will likely have at least 2 distinct user personas: 1) IT ops users; 2) data science users.  IT ops users will install the service and perform IT admin functions while data science users will develop models.  After an IT ops user installs MODH, he/she needs to give access to data science users so they can start working on the platform. 

      Reqs:

      1. P1: The system must provide some type of notification to enabled users to inform them that they have been granted access to the system.
      2. P1: Post notification, the system must allow enabled users to access the system without further assistance from the admin user granting access.
      3. P0: The system must provide a method for admin users to view a list of users with access to the system.
      4. P2: The system must not allow admin users to remove or modify their own access to the system.

      Considerations/Questions:

      • Enabled users may or may not already have an account that can enable access to the system. In other words, they may already have login credentials (from access to other Red Hat services) or they may need to create an account.
      • Can we utilize a customer's enterprise IDP to enable SSO?
      • How are users created?  Keycloak (RH SSO)? OCP credentials? Do we just utilize OSD capabilities? 

      Assume that OpenShift manages user authentication

      • Need to consider what other capabilities should be restricted to admin only - likely covered in separate epic.
      • IT ops users have OCM account to be able to install add-ons
      • #4 - need to have common method of notifying users across OSD services. Minimum is ability to copy link to manually send to users.
      • leverage OpenShift group functionality for access to RHODS service
      • For removed users, might consider future feature to allow admins to automatically clean up (PV, config maps, keys) , backup, remove resources tied to the removed user.  Also might need ability to view contents of PV. Might to give access to another user. General process for addressing decisions to auto clean up, migrate resources, etc.
      • Need doc for user mgmt

      Attachments

        Issue Links

          clones

          Epic - Created by Jira Software - do not edit or delete. Issue type for a big user story that needs to be broken down. RHODS-141 1. Enabling users after install

          • Major - To be worked after higher priority work items are addressed. When the severity is high and the effort to change it is low to moderate, this term is chosen. Issues in this category likely have an existing workaround but implementation or execution may be non-trivial.
          • Resolved

          Activity

            People

              Unassigned Unassigned
              jdemoss@redhat.com Jeff DeMoss
              Pablo Felix Pablo Felix
              Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

                Created:
                Updated: