New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Update adminstrator access control document #779
Conversation
vomba
commented
Jan 24, 2024
- personal data beyond what is necessary for interacting with this Pull Request;
- business confidential information, such as customer names.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thank you for picking up this issue!
Could we take this opportunity to also clean up the deprecated usage of the term "super application developer". According to our Glossary, we should aim for something like:
- Application Developers who are Grafana administrators
- Application Developers who are Harbor system administrators
- Application Developers who are Kubernetes admins
@@ -89,12 +91,12 @@ harbor: | |||
When OIDC (e.g. DeX) is enabled we cannot create static users using the Harbor web interface. But when anyone logs in via DeX they automatically get a user and we can promote that user to admin. | |||
Once there is one admin, they can set specific permissions for other users (there should be at least a few users promoted to admins). | |||
|
|||
## Grafana | |||
### Grafana | |||
|
|||
!!!note | |||
This section assumes that [elastisys/compliantkubernetes-apps/pull/450](https://github.com/elastisys/compliantkubernetes-apps/pull/450) is merged |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
This PR is now merged, so we can remove this note.
|
||
## Users onboarding | ||
|
||
This describes how to create Super application developers |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
We decided some time ago to not use "Super" anymore. (See Glossary / Application Developer.)
Could we take this opportunity to fix this too?
|
||
### Grafana | ||
|
||
1. Super application developer logs in to Grafana via OpenID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above.
|
||
### Harbor | ||
|
||
1. Super application developer logs in to Harbor via OpenID |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Same comment as above.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
I think I found a slightly better formulation. PTAL and merge when happy.
Thanks a lot for refreshing this page!
Co-authored-by: Cristian Klein <cristian.klein@elastisys.com>