[v1.30] Dynamic user management docs #3092

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Merged

g-despot merged 15 commits into v1-30/main from v1-30/dynamic-users

Apr 3, 2025

Contributor

g-despot commented Mar 12, 2025

What's being changed:

New documentation for managing users and API keys in Weaviate.

Type of change:

Documentation updates (non-breaking change to fix/update documentation)

How Has This Been Tested?

GitHub action – automated build completed without errors
Local build - the site works as expected when running yarn start


          Initial restructuring

fe3a608

g-despot self-assigned this

g-despot changed the base branch from main to v1-30/main

March 12, 2025 12:29

orca-security-eu bot reviewed

View reviewed changes

orca-security-eu bot left a comment

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Infrastructure as Code	0 0 0 0	View in Orca
Passed	SAST	0 0 0 0	View in Orca
Passed	Secrets	0 0 0 0	View in Orca
Passed	Vulnerabilities	0 0 0 0	View in Orca


          Update docs

02f0b01

orca-security-eu bot reviewed

View reviewed changes

orca-security-eu bot left a comment •

edited

Loading

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Secrets	0 0 0 0	View in Orca

weaviate-git-bot commented Mar 13, 2025

Great to see you again! Thanks for the contribution.

beep boop - the Weaviate bot 👋🤖

PS:
Are you already a member of the Weaviate Slack channel?

g-despot added 8 commits

March 17, 2025 11:19


          Merge branch 'main' into v1-30/dynamic-users

0a0ae20


          Update docs

356d354


          Merge branch 'v1-30/main' into v1-30/dynamic-users

3f1d1c1


          Add OIDC user management

ac8ef7b


          Merge branch 'v1-30/main' into v1-30/dynamic-users

09e4f64


          Update code snippets

2d82afa


          Update docs

a717839


          Update docs

6eac57f

g-despot marked this pull request as ready for review

March 26, 2025 12:31


          Update docs

f9ab570

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx


		In Weaviate, Role-based access control (RBAC) allows you to define roles and assign permissions to those roles. Users can then be assigned to roles and inherit the permissions associated with those roles.

		On this page, you will find examples of how to programmatically manage users and their associated roles with Weaviate client libraries.

Contributor

databyjp Mar 28, 2025

Hey @g-despot I think this was ported over from an earlier version, but maybe it could be reviewed once again.

Reading this page, I wonder if "User" here could be clarified to use the term "Database user" where applicable as Sebastian mentioned in our discussion, to contrast against "OIDC user".

Then, user could mean: Union[Database user, OIDC user]. Wdyt?

Contributor Author

g-despot Mar 29, 2025

I agree, this could be a good place to introduce the different user types. I will also try to follow this naming convention where it makes sense Union[Database user, OIDC user]

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx Outdated

+              <!-- NOTE: left out AUTHORIZATION_ADMINLIST_USERS to dissuade usage -->
+              <!-- TODO[g-despot]: Check if DB_DYNAMIC is renamed -->
+              Under the hood, Weaviate differentiates three types of users:
+              - `DB_DYNAMIC`: Database users that can be fully managed through the API.

Contributor

databyjp Mar 28, 2025

You have a todo here, but just another reminder re: naming ;)

Contributor Author

g-despot Mar 29, 2025

Thank youuu :)

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx


		<ConfigureRbac />

		## User management <i class="fas fa-user-edit"></i> {#user-management}

Contributor

databyjp Mar 28, 2025

This is about the DB users, right?

Wdyt about a section like "Database user operations"? Reason being that 'manage' in "Manage users" of the page also seems to include updating user permissions

Contributor Author

g-despot Mar 29, 2025

As the list_all command also concerns OIDC users I wouldn't necessarily name the whole section "database users". Maybe this could work:

User management
- List all users
- Create a database user
- Delete a database user
- Rotate database user API key

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx Outdated


		On this page, you will find examples of how to programmatically manage users and their associated roles with Weaviate client libraries.

		import ConfigureRbac from '/_includes/configuration/configure-rbac.mdx';

Contributor

databyjp Mar 28, 2025

I'm a little unsure about this section. It feels like an incomplete set of steps for configuring RBAC.

Contributor Author

g-despot Mar 29, 2025

Maybe it's not even needed on this page, will remove, but I would like to keep it on the "Manage roles" page as it's important to make the user aware of the user API being needed to assign roles to users.

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx

		In Weaviate, Role-based access control (RBAC) allows you to define roles and assign permissions to those roles. Users can then be assigned to roles and inherit the permissions associated with those roles.

		On this page, you will find examples of how to programmatically manage users and their associated roles with Weaviate client libraries.

Contributor

databyjp Mar 28, 2025

Wdyt about introducing the three user tiers up here for clarity? That sets up the rest of the sections.

DB_USER
DB_ENV_USER
OIDC

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx Outdated


		### List all users

		This example shows how to get a list of all the users in Weaviate.

Contributor

databyjp Mar 28, 2025

e.g. here, we would want to be clear what we mean by user. Whether these are just DB users, DB + DB_ENV users, or DB, DB_ENV and OIDC users with roles.

databyjp reviewed

View reviewed changes

developers/weaviate/configuration/rbac/manage-users.mdx Outdated


		</details>

		## User permissions management <i class="fas fa-user-lock"></i> {#user-permissions-management}

Contributor

databyjp Mar 28, 2025

I think I might want to know what subset of users this applies to (e.g. DB + DB_ENV users)


          Implement feedback

26f09c1

orca-security-eu bot reviewed

View reviewed changes

orca-security-eu bot left a comment •

edited

Loading

Orca Security Scan Summary

Status	Check	Issues by priority
Passed	Secrets	0 0 0 0	View in Orca

g-despot added 3 commits

April 1, 2025 17:23


          Merge branch 'v1-30/main' into v1-30/dynamic-users

e520517


          Merge branch 'v1-30/main' into v1-30/dynamic-users


          Update versions

296ff57

g-despot merged commit 588f41a into v1-30/main

3 checks passed

g-despot deleted the v1-30/dynamic-users branch

April 3, 2025 07:47

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet