Comments (4)
It's possible to map roles to an LDAP group. But there are some limitations with RBAC. (Please correct me if I am wrong about it.)
- Key Value Store: I have set up a role for any System Namespace Scope. I cannot create any Team Namespace.
- To use the UI I need to set up Global Read for List View on Rules, Executions, Actions, Packs. It would be better to have a kind of filtered view so that users only see the stuff belonging to their teams.
At the moment I'm working on a POC to build a multi-team shared StackStorm instance. In the past we had many, but that generated a lot of cost in the cloud.
from st2.
What I would perhaps also like to see, if you're going to implement team segmentation like this, is to be able to segment the workspace of the users. My current setup has an ST2 instance running on a server with team-specific folders manually added to st2.conf packs_base_paths. Since ST2 allows for creation of workflows in the UI, but does not allow for creation of Python actions, I've also put JupyterHub (which spawns a user-specific Jupyter notebook server via Docker) onto the same host. This way I can have team-specific folders mounted into Jupyter, and people can create or modify py scripts without having access to the server.
from st2.
Can't I currently do something like this with LDAP mapping to RBAC roles?
from st2.
I agree with the Key Value Store, and I would add (or I'd like to see) a feature for auto-deleting the values if a team is unassigned from the instance. Overall this is a good idea, as client / user data separation is a good practice in corporate environments.
from st2.