Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

ROLE_READ to allow seeing account details of all users #794

Open
maarten-litmaath opened this issue Jun 20, 2024 · 1 comment · May be fixed by #842
Open

ROLE_READ to allow seeing account details of all users #794

maarten-litmaath opened this issue Jun 20, 2024 · 1 comment · May be fixed by #842
Assignees
@garaimanoj
Labels
component/db Issue that includes one or more db migrations kind/feature priority/high

Comments

@maarten-litmaath
Copy link

maarten-litmaath commented Jun 20, 2024
edited
Loading

Paraphrasing an e-mail thread initiated by ATLAS:

Currently only VO Admins have access to user details and our experts that 
are not VO Admins lost the option to check user VO account configuration 
while troubleshooting issues with grid activities. We have a lot of experts 
(and support people) for different components of our distributed system and 
it would not make sense to give them all full IAM privileges. We need a 
better way to provide them with user account details: a new IAM "ROLE_READ" 
is quite desirable for the relevant people to be allowed to see all account 
details (except secrets) with the IAM web interface.

And:

It is quite annoying to live without this functionality, 
so from our point of view this is quite an urgent issue.

The exact name of the role can be discussed.
@maarten-litmaath
Copy link
Author

Hi all,
Hannah and I looked into what would be exposed via the GUI and concluded there does not seem to be anything we need to be really concerned about. If it would help, a configuration option could initially allow all users of a VO to see the details of other (non-admin?) users, while ultimately we would want to make use of the proposed new role instead.

@enricovianello enricovianello added kind/feature component/db Issue that includes one or more db migrations labels Aug 8, 2024
@garaimanoj garaimanoj self-assigned this Aug 19, 2024
@garaimanoj garaimanoj linked a pull request Sep 9, 2024 that will close this issue
Add a READER role that gives read access to users and groups info #842
Open
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@garaimanoj garaimanoj

Labels
component/db Issue that includes one or more db migrations kind/feature priority/high
Projects
VOMS-Admin EOL tasks
Status: On Review
v1.11.0
Status: On Review
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

Add a READER role that gives read access to users and groups info indigo-iam/iam
3 participants
@enricovianello @maarten-litmaath @garaimanoj