Fine-grained authorization refactor (Users and Roles)
planned
Rob Newman
Merged in a post:
Questions about permissions and roles
M
Manual Caterpillar
We ran into some issue where the behavior of the user permissions differed significantly from what we expected and want to clarify if its intended behavior or a misconfiguration or bug on our side.
First, It looks like users ordinary/non-admin users are able to create organizations at will. Is this intended functionality and if it is, is there a way to stop it?
Second, When we add a user to an organization are they supposed to be able to see all the shared workspaces in it?
Because right now when we add users to orgs they don't see any workspaces they aren't explicitly added to.
Rob Newman
planned
Planned for 2025H2
C
Charcoal Mandrill
> Regarding visibility of shared workspaces - users can only see workspaces they have explicitly been added to.
This is pretty confusing since I am able to add pipelines to the LaunchPad in a Shared workspace and those pipelines show up in all other Workspaces in the Org
So the resources of a Shared Workspace are viewable from other Workspaces but the Shared Workspace itself isnt?
Since its not possible to "log in as another user" when you are using enterprise OIDC for your user account management it seems like there is not much capability to check on this for ourselves, at least that I am aware of. Wondering if I am missing something.
Rob Newman
Charcoal Mandrill: You are not missing something. This is how shared workspaces were designed - a shared workspace can have it's pipelines run in all workspaces of an organization. You may need this if you want a small subset of users to "manage" the CEs and pipelines in the shared workspace.
C
Charcoal Mandrill
Has this been changed? Because I, as the Admin of our Seqera Platform internal deployment, cannot create any new Org's at all, it tells me that the limit for Org's in platform is only 1.
Anton Tsyganov-Bodounov
Merged in a post:
Introduce Platform Admin Role Without Workspace Deletion Permissions
Anton Tsyganov-Bodounov
Add an additional platform admin-like role without workspace deletion privileges.
Andrew Dawson
evaluating
Rob Newman
acknowledged
Rob Newman
Merged in a post:
More fine-grained control of Pipeline visibility to specific users
W
Weekly Elk
Is it possible to get fine-grained control over what Pipelines a given user can see? I know this would be possible by splitting up the Pipelines into different Workspaces, but these Pipelines share all their infrastructure (Compute Environments, Credentials, Secrets), so it would be frustrating to recreate them across separate Workspaces. Is it possible to achieve this through shared Workspaces?
Note: we have other Workspaces that do not share the same infrastructure as this one, so we would not want those to also get any shared infrastructure.
Rob Newman
Merged in a post:
Ability for power users (Owner-role, Admin-role, Maintain-role) to assume Launch-role users
Jon Manning
When writing up processes for
Launch
role users I've encountered a number of problems when the features I've prototyped (tags, launch settings, etc) are unavailable to the users the process is defined for. As a a user with elevated role permissions, it would be very useful to interact with the Seqera Platform as if I were a user with the
Launch
role, so that I can work up processes that will work for everyone.Rob Newman
Merged in a post:
Allowing the user to provide a file in the launchpad?
O
Olive Aardvark
We are trying to deploy a demultiplexing / pre-processing pipeline on Seqera.
The input to the pipeline is typically a list of fastq files. Nevertheless, the users (which will be the customer) might want to give an additional metadata table, which will allow our script to re-name samples after demultiplexing, and thus allow the user to provide their own personalised sample names, a feature that is really important to us.
To our sense, the best way to do that would be to allow the user to provide an excel file as an input in the LaunchPad on Seqera. Our pipeline is able to read and process this excel file. The only problem is that we can only "Browse" files that are on the S3 buckets we deployed, but we would like the user to be able to browse its own computer's files.
Load More
→