gvlproject / gvl.ansible.playbook

Playbook for building the Genomics Virtual Laboratory

Admin user controls #59

Open Slugger70 opened 7 years ago

Slugger70 commented 7 years ago

We need to add a user interface on the admin page of the GVL dashboard to add users for the GVL_commandline_services, i.e. everything we use the researcher user for: RStudio, JupyterHub, command line, etc.

madisonkeene commented 7 years ago

Adding my 2c: alongside the admin create account stuff it would be cool to have a way for users to create their own accounts for all those things, then an option for admins to turn that feature off. That way, for managed instances like the ABRPI machine, you don't have to sit there creating accounts for people, but if an admin wants to regulate who gets accounts on their GVL then they can.

tseemann commented 7 years ago

I think @madiflannery is right. It is not sustainable to have a single admin. There needs to be a way to delegate it.

Slugger70 commented 7 years ago

I agree. We want Admins to be able to trust their users if they are a small group. Maybe registering on the server will create accounts on Galaxy, RStudio, Jupyter and anything else that has already been installed. Then we also need to think about what happens to services that get installed afterwards. Do user accounts propagate? SMRTPortal is an example. Or can we really start to look at using LDAP or something like that to handle all of these issues?

nuwang commented 7 years ago

Sounds like a really good idea. A single sign-on system across the whole system would be great to have, but I'm not sure to what extent these tools support that individually (e.g. does SMRT Portal have LDAP support? Maybe - https://github.com/PacificBiosciences/SMRT-Link).

The second option of manually synchronising accounts sounds much harder to do.

madisonkeene commented 7 years ago

In an ideal world LDAP would be the way to go, but I'm also not sure how many services actually support that. What @Slugger70 suggested shouldn't be too bad assuming you don't add services later. I have no idea how you'd go about propagating the accounts: you'd basically need a list of usernames and passwords, and you can't store passwords in plain text. Or you'd have to have something to detect what accounts a user does and doesn't have, then prompt them to re-enter their password if they want to make an account for a service in which they don't have one? I dunno.