Organisation fo ST2 about st2 HOT 4 OPEN

It's possible to add map roles to a ldap group. But there are some limitation with RBAC. (Please correct me if Iam wrong with it)

1. Key Value Store: I have set up a role for any System Namespace Scope. I can not create any Team Namespace.
2. To Use the UI I need setup Global Read for List View on Rules, Executions, Action, Packs to use the UI. Would be better to have a Kind of filter View that users only see the stuff belong to there Teams.

At the moment I'am working on a POC to build a MultiTeam Shared Stackstorm Instance. In The past we had many but that generate a lot of cost in the cloud.

from st2.

What I would perhaps also like to see, if you're going to implement team segmentation like this, is to be able to segment the workspace of the users. My current setup has ST2 instance running on a server with manually added team-specific folders into st2.conf packs_base_paths. Since ST2 allows for creation of workflows in the UI, but does not allow for creation of python actions, I've also put JupyterHub (that spawns user-specific jupyter notebook server via docker) onto the same host. This way I can have team specific folders mounted into Jupyter and people can create or modify py scripts without having access to the server.

from st2.

Can't I currently do something like this with LDAP mapping to RBAC roles?

from st2.

I agree with the Key Value Store, and it would add (or I'd like to see) a feature for auto-deleting the values if a team is un-assigned from the instance. Overall this is a good idea, as client / user data separation is a good practice in corporate environments.

from st2.