Fine-grained authorization refactor (Users and Roles)
planned
Rob Newman
Merged in a post:
Disable ability for user to delete their own account
Adam Talbot
For enterprise deployments, it would be useful to prevent users deleting their own accounts so we can manage accounts centrally. Could we disable the delete account button in a users profile area?
Rob Newman
Merged in a post:
Ability for admin to hide credentials from 'other' providers
Adam Talbot
As an administrator for a platform I would like the ability to hide credentials for other services my employees are not permitted to use. e.g., if we have signed a contract with Microsoft Azure I would like to disable the ability for a user to add AWS or GCP credentials.
The same could also be applied for Git and on-premise integrations.
Rob Newman
Merged in a post:
Allow Launch users to disable "resume" when relaunching runs
L
Lime Tuna
Our Launch users are responsible for monitoring pipelines at scale and intervening when necessary. Sometimes, runs need relaunching from the beginning of the workflow which requires Launch users to disable "resume" in the re-launch window, but this isn't currently possible. Please can Launch user permissions be modified to allow disabling of "resume"?
Rob Newman
Merged in a post:
IAM Service-linked Role for credential-less access for Compute Environments
G
Gold Lamprey
On the Seqera Add Credentials page, both Access and Secret keys are mandatory fields, even when specifying a role. We're interested in exploring the possibility of exclusively utilizing role-based access without the need to provide credentials.
Rob Newman
Merged in a post:
Questions about permissions and roles
M
Manual Caterpillar
We ran into some issue where the behavior of the user permissions differed significantly from what we expected and want to clarify if its intended behavior or a misconfiguration or bug on our side.
First, It looks like users ordinary/non-admin users are able to create organizations at will. Is this intended functionality and if it is, is there a way to stop it?
Second, When we add a user to an organization are they supposed to be able to see all the shared workspaces in it?
Because right now when we add users to orgs they don't see any workspaces they aren't explicitly added to.
Rob Newman
planned
Planned for 2025H2
C
Charcoal Mandrill
> Regarding visibility of shared workspaces - users can only see workspaces they have explicitly been added to.
This is pretty confusing since I am able to add pipelines to the LaunchPad in a Shared workspace and those pipelines show up in all other Workspaces in the Org
So the resources of a Shared Workspace are viewable from other Workspaces but the Shared Workspace itself isnt?
Since its not possible to "log in as another user" when you are using enterprise OIDC for your user account management it seems like there is not much capability to check on this for ourselves, at least that I am aware of. Wondering if I am missing something.
Rob Newman
Charcoal Mandrill: You are not missing something. This is how shared workspaces were designed - a shared workspace can have it's pipelines run in all workspaces of an organization. You may need this if you want a small subset of users to "manage" the CEs and pipelines in the shared workspace.
C
Charcoal Mandrill
Has this been changed? Because I, as the Admin of our Seqera Platform internal deployment, cannot create any new Org's at all, it tells me that the limit for Org's in platform is only 1.
Anton Tsyganov-Bodounov
Merged in a post:
Introduce Platform Admin Role Without Workspace Deletion Permissions
Anton Tsyganov-Bodounov
Add an additional platform admin-like role without workspace deletion privileges.
Andrew Dawson
evaluating
Load More
→