Details
Feature
Resolution: Unresolved
Description
Feature Overview (aka. Goal Summary)
The CIAM team is working on functionality to introduce two concepts that will be helpful for OCM users.
- Multiple workspaces: This allows customers to manage their clusters in different workspaces, with access restrictions through RBAC groups
- Tenant: This allows customers to create multiple organizations and workspaces under a single customer tenant to manage their subscriptions at the top level
Goals (aka. expected user outcomes)
The goal is to address longstanding customer requirements for more flexibility in managing resources (clusters), users, and subscriptions across teams and services.
Requirements (aka. Acceptance Criteria):
The requirement here is to conduct a spike to get a better understanding of the features currently in-flight with the CIAM/RBAC team and the integration requirements for leveraging these features/capabilities in OCM.
Use Cases (Optional):
Include use case diagrams, main success scenarios, alternative flow scenarios. Initial completion during Refinement status.
There are two use cases in OCM that we are looking to address with the features being built by the CIAM/RBAC team:
Access restrictions for clusters provisioned by different teams
Customers already have the ability to create multiple RH organizations for different teams and create clusters/resources in these orgs to manage access restrictions. However, this requires managing multiple distinct RH organizations along with different users in each RH org. Also, the RH organizations cannot share subscriptions, and this is often a blocker as TAM/CSM resources cannot be shared and entitlements cannot be shared either. Ideally, customers should be able to create separate pools of clusters/resources that they can apply RBAC access restrictions to as a group. This is the cluster group concept that we were driving towards with RBAC phase 3.
Sharing subscriptions across different organizations / teams
Customers looking for separation of clusters/resources across teams still want to be able to share subscriptions and entitlements and have these be available for use by the different teams. A specific use case here is about allowing teams across RH organizations to share ROSA HCP private offers for their clusters. The "tenant" concept being worked on within the CIAM team allows customers to share subscriptions across organizations. Longer-term plans also include the ability to allocate specific subscription entitlement quantities to the different RH organizations under the tenant.
Questions to Answer (Optional):
Include a list of refinement / architectural questions that may need to be answered before coding can begin. Initial completion during Refinement status.
Out of Scope
High-level list of items that are out of scope. Initial completion during Refinement status.
Background
Provide any additional context needed to frame the feature. Initial completion during Refinement status.
Customer Considerations
Provide any additional customer-specific considerations that must be made when designing and delivering the Feature. Initial completion during Refinement status.
Documentation Considerations
Provide information that needs to be considered and planned so that documentation will meet customer needs. Initial completion during Refinement status.
Interoperability Considerations
Which other projects and versions in our portfolio does this feature impact? What interoperability test scenarios should be factored by the layered products? Initial completion during Refinement status.