Grant User Access
User access is configured via Keycloak.
You will need to sign in with the root administrator account.
At the moment we only use the Public realm in Keycloak.
We should ideally be using Keycloak as intended, with roles, scopes and so on. However, when this was first implemented there was not enough time to work out how to get clients to retrieve the correct roles from the Keycloak API, so the access model we actually use is a bit of a kludge built on groups and attributes.
Infra Access
- Create a Keycloak group for the infra, conventionally named Infra<InfraName>
- Declare these group attributes:

Attribute | Value |
---|---|
| | A random string |
| | The name of the infra |

- Add users to the group
- In the groups_vars/infra file, set the following:

Var | Value |
---|---|
| | The value for the |
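The Keycloak side of this procedure (create the group, declare its attributes, add users) can also be scripted against the Keycloak Admin REST API. The following is an added example, not code from this project. The attribute names are placeholders because the table above does not show them, and the base URL, token, infra name and IDs are constructed sample values.

```python
import json
import re
import secrets
import urllib.request
from urllib.parse import quote

REALM = "Public"  # the only realm this page says is in use
# Placeholders: the page's attribute table does not show the attribute names.
ATTR_RANDOM = "<random-string-attribute>"
ATTR_INFRA = "<infra-name-attribute>"


def group_payload(infra_name, random_value=None):
    """Build the GroupRepresentation for a group named Infra<InfraName>."""
    if not re.fullmatch(r"[A-Za-z0-9_-]+", infra_name):  # assumed naming rule
        raise ValueError(f"unexpected infra name: {infra_name!r}")
    if random_value is None:
        # Assumption: the random string should be unguessable, so use the OS CSPRNG.
        random_value = secrets.token_urlsafe(32)
    return {
        "name": f"Infra{infra_name}",
        # Keycloak attributes are multi-valued: every value is a list of strings.
        "attributes": {ATTR_RANDOM: [random_value], ATTR_INFRA: [infra_name]},
    }


def create_group_request(base_url, token, infra_name):
    """POST /admin/realms/{realm}/groups; returned unsent so it can be inspected."""
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/admin/realms/{quote(REALM)}/groups",
        data=json.dumps(group_payload(infra_name)).encode(),
        headers={"Authorization": f"Bearer {token}", "Content-Type": "application/json"},
        method="POST",
    )


def add_user_request(base_url, token, user_id, group_id):
    """PUT /admin/realms/{realm}/users/{user-id}/groups/{group-id} adds a member."""
    return urllib.request.Request(
        f"{base_url.rstrip('/')}/admin/realms/{quote(REALM)}/users/"
        f"{quote(user_id, safe='')}/groups/{quote(group_id, safe='')}",
        headers={"Authorization": f"Bearer {token}"},
        method="PUT",
    )


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network.
    req = create_group_request("https://keycloak.example", "<admin-token>", "Demo")
    print(req.get_method(), req.full_url)
    print(req.data.decode())
```

Pass the returned requests to `urllib.request.urlopen` to send them. Older Keycloak distributions serve the admin API under an `/auth` prefix, which would go into the base URL.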
User Role
A user's permissions role is currently also defined by groups, which are global in effect, i.e. you cannot be an 'operator' for one infra and a 'viewer' in another. This obviously needs to change soon.
See Roles & Permission for details on how to set the permissions role.