Questions about permissions and roles
evaluating
M
Manual Caterpillar
We ran into some issue where the behavior of the user permissions differed significantly from what we expected and want to clarify if its intended behavior or a misconfiguration or bug on our side.
First, It looks like users ordinary/non-admin users are able to create organizations at will. Is this intended functionality and if it is, is there a way to stop it?
Second, When we add a user to an organization are they supposed to be able to see all the shared workspaces in it?
Because right now when we add users to orgs they don't see any workspaces they aren't explicitly added to.
C
Charcoal Mandrill
> Regarding visibility of shared workspaces - users can only see workspaces they have explicitly been added to.
This is pretty confusing since I am able to add pipelines to the LaunchPad in a Shared workspace and those pipelines show up in all other Workspaces in the Org
So the resources of a Shared Workspace are viewable from other Workspaces but the Shared Workspace itself isnt?
Since its not possible to "log in as another user" when you are using enterprise OIDC for your user account management it seems like there is not much capability to check on this for ourselves, at least that I am aware of. Wondering if I am missing something.
Rob Newman
Charcoal Mandrill: You are not missing something. This is how shared workspaces were designed - a shared workspace can have it's pipelines run in all workspaces of an organization. You may need this if you want a small subset of users to "manage" the CEs and pipelines in the shared workspace.
C
Charcoal Mandrill
Has this been changed? Because I, as the Admin of our Seqera Platform internal deployment, cannot create any new Org's at all, it tells me that the limit for Org's in platform is only 1.
Rob Newman
evaluating
Manual Caterpillar: Thanks for your question.
Currently, non-admin users are able to create organizations (up to the threshold defined by your licensing agreement). We are evaluating changing this.
Regarding visibility of shared workspaces - users can only see workspaces they have explicitly been added to.
Do let us know if you have further questions or comments.
Rob Newman
acknowledged