Assign roles to SAML users #62

Closed
cyork opened this issue Aug 2, 2020 · 5 comments
cyork commented Aug 2, 2020

@emetsger

@cyork cyork added the Phase I label Aug 2, 2020
@htpvu htpvu added the dev label Aug 4, 2020

cyork commented Aug 13, 2020

We have users intended to be global administrator and collection admins created in the enable SAML ticket, but have not assigned roles yet. Assign the appropriate roles to these users, and verify that the appropriate resource protections are enforced (i.e. a collection admin can add/remove items to collections he or she controls, but not others).

This task almost certainly involves creating some pre-populated initial collections that are available when launching the local development environment.

@htpvu htpvu assigned birkland and unassigned bseeger Jan 20, 2021
@htpvu htpvu removed the Phase I label Mar 29, 2021
@htpvu htpvu assigned bseeger and unassigned birkland Mar 29, 2021

bseeger commented Apr 7, 2021

The infrastructure for this is set up and functional. The last part of this is to set up the Drupal SAML information, per system, for the JHU/test users that are expected to access those systems and the roles they should have.

Remaining tasks:

  • Set up users in dev/local environment. staff1 is a Global Admin, staff2 is a collection level admin (part of Role settings workbench idc-isle-dc#104)
  • Production System: Get information from Katie about initial users for this system and their role assignment
  • Production System: Configure Drupal SAML module with that user information.
  • If Production setup for this is not the same as Stage, figure out the users of Stage and configure the Drupal SAML module for them.
  • Sandbox: use same users as local env? (fake users contacting a fake IdP?)
  • Decide what to do with JHU users who try to log in but have no role permissions - for example a random person with a JHID but no actual association with the repo. Would they just be an authenticated user and have the same experience as an end user? Or can we somehow block them from having a successful login?


bseeger commented Apr 16, 2021

Ticket #318 needs work before we can configure the SAML information above.


bseeger commented May 11, 2021

I think we decided in a meeting that it was okay to not have the systems have assigned users and that Katie would set up permissions for a user after the first time they logged in. @htpvu and @birkland, is that your recollection? If so, I think we can close this and #318.

@birkland

Katie and/or an admin would assign permissions on a case-by-case basis
