search

SAP-samples / btp-setup-automator

Automate the setup of your SAP BTP account with the SAP BTP CLI and other CLI tools.
Apache License 2.0
94 stars 43 forks source link

[BUG] How to add OrgUser to CF spaces for service accounts #608

Closed dachtera closed 10 months ago

dachtera commented 10 months ago

Is there an existing issue for this?

Are you using the latest docker image for BTPSA?

Which area is mainly impacted

Docker Image (Build or Run)

Current Behavior

Unsure if this is a bug, or unsupported feature,

We need to add in 'OrgUser' access for our Service Account to ensure minimal access is provided.

We have tried to add in the following: { "name": "OrgUser", "type": "cloudfoundry", "level": "org", "assignedUserGroupsFromParameterFile": [ "hca_service_account"
]

With no luck. We had expected similar behavior as the OrgManager and OrgAuditor roles.

Is there something I am missing for setting up users for OrgUser access only?

Expected Behavior

We would expect to see users only granted Org User access in the noted CF space, not Manager, Developer access etc.

Steps To Reproduce

No response

Logs and configuration files available?

No response

Anything else?

No response

lechnerc77 commented 10 months ago

The CF CLI does not offer a method to assign the OrgUser role as standalone role (see https://cli.cloudfoundry.org/en-US/v8/set-org-role.html).

According to help.sap.com the OrgUser role is automatically assigned once a space member is created (see https://help.sap.com/docs/btp/sap-business-technology-platform/about-roles-in-cloud-foundry-environment. Assigning your user to the space should be sufficient for providing the OrgUser role for this user.