  1. Red Hat OpenShift Data Science
  2. RHODS-141

1. Enabling users after install


      The MODH service will likely have at least 2 distinct user personas: 1) IT ops users; 2) data science users.  IT ops users will install the service and perform IT admin functions while data science users will develop models.  After an IT ops user installs MODH, he/she needs to give access to data science users so they can start working on the platform. 

      Reqs:

      1. P0: The system must provide a method for admin (e.g. IT ops) users to enable other users (e.g. data science) to access the system after installation.
      2. P0: The system must support the ability to grant users either admin permissions or standard user permissions.
      3. P0: The system must allow only admin users to add/remove/modify users.
      4. P2: The system must provide some type of notification to enabled users to inform them that they have been granted access to the system.
      5. P0: Post notification, the system must allow enabled users to access the system without further assistance from the admin user granting access.
      6. P0: The system must provide a method for admin users to view a list of users with access to the system.
      7. P0: The system must provide a method for admin users to remove another user's access to the system. Note: For removed users, the user-specific PVs and other resources should remain. The assumption is that admins should be able to access these resources & manually take actions to preserve or delete resources.
      8. P2: The system must not allow admin users to remove or modify their own access to the system.
      9. P2: The system must allow admin users to modify user permissions - either admin or user.

      Considerations/Questions:

      • Enabled users may or may not already have an account that can enable access to the system. In other words, they may already have login credentials (from access to other Red Hat services) or they may need to create an account.
      • Can we utilize a customer's enterprise IDP to enable SSO?
      • How are users created?  Keycloak (RH SSO)? OCP credentials? Do we just utilize OSD capabilities? 

      Assume that OpenShift manages user authentication

      • Need to consider what other capabilities should be restricted to admin only - likely covered in separate epic.
      • IT ops users have OCM account to be able to install add-ons
      • #4 - need to have common method of notifying users across OSD services. Minimum is ability to copy link to manually send to users.
      • leverage OpenShift group functionality for access to RHODS service
      • For removed users, might consider a future feature to allow admins to automatically clean up (PV, config maps, keys), backup, remove resources tied to the removed user. Also might need ability to view contents of PV. Might need to give access to another user. General process for addressing decisions to auto clean up, migrate resources, etc.
      • Need doc for user mgmt

              jkoehler@redhat.com Jacqueline Koehler
              jdemoss@redhat.com Jeff DeMoss
              Pablo Felix Pablo Felix (Inactive)