OpenConext / OpenConext-dashboard

Dashboard for IdP administrators to view and administer SP connections
Apache License 2.0

Change check for super user rights #382

Closed phavekes closed 1 hour ago

phavekes commented 1 hour ago

This issue is imported from Pivotal - Originally created at Feb 15, 2019 by Raoul Teeuwen

Currently, based on membership of dashboard_super_user a user has super user rights. SURFnet has 'aligned' how it controls access. So what would it cost to change it and check for membership of either teams "SURFconext_TPM_core", "SURFconext_TPM_support", "SURFconext_PM" or "SURFconext_eerstelijns_support" (so members of all of those would gain super user rights)?

phavekes commented 1 hour ago
@raoulteeuwen The property of the super_users team name now supports multiple team names comma separated. See https://github.com/OpenConext/OpenConext-deploy/blob/master/roles/dashboard-server/templates/application.properties.j2#L19

@thijskh The TPM can change the ansible variable that determines this property. (Okke Harsta - Mar 29, 2019)

phavekes commented 1 hour ago

Thanks, I've configured this appropriately for the prod environment. (Thijs Kinkhorst - Mar 29, 2019)

phavekes commented 1 hour ago

@raoulteeuwen Why is this feature desired ..?? (Henny Bekker - Mar 31, 2019)

phavekes commented 1 hour ago

@hennybekker as you can see at https://wiki.surfnet.nl/display/coininfra/Rechtentabel, there are several teams that need to have super-user rights. That is the reason for this change. (Raoul Teeuwen - Mar 31, 2019)

phavekes commented 1 hour ago

@raoulteeuwen Ah .. Okay... Maybe we should still walk through the feature list sometime and find another way to activate, since certain features are not available when you are currently a superuser, which is awkward if you then have to unsubscribe from n teams and afterwards sign up again ... :-( (Henny Bekker - Mar 31, 2019)