Management of Namespace Owners in Galaxy

It was mentioned in another post that: “in galaxy we’re managing namespace ownership directly via users”.

How do we add/remove owners for our namespace? Is that documented somehere?

Many thanks :slight_smile:

I think you would click on the left-hand menu Collections then click on Namespaces then click on My namespaces

Then click on Access and assign users there

Hi @IPvSean, seems reasonable, but there is only the option of groups:


And the list of groups is a list of totally random stuff:

With the “Filter by name” box I can’t find any of our users, the list seems totally unrelated to us?

Namespace management with users is a work in progress that is almost done Allow users for namespace creation. by jctanner · Pull Request #1899 · ansible/galaxy_ng · GitHub

For now, the only way to see and manipulate the owners of a v3 namespace are through the v1 “backdoor” as documented here Administration - Galaxy NG

4 Likes

Thanks @tannerjc. I see the PR is merged, looking forward to the changes going live on galaxy.ansible.com

1 Like

We have the UI components deployed in galaxy-dev, but I found another bug in the API and have a fix in flight … Enable social auth users to see other users. by jctanner · Pull Request #1934 · ansible/galaxy_ng · GitHub

1 Like

Thank you, looks like the user-based approach is now live in prod :grin:

Can I ask how the groups option works? How do we create/modify a group, is it meant to avoid listing individual users as namespace owners?

Thank you

GalaxyNG’s RBAC up till now was group driven. An internal architecture decision was made to switch to user based RBAC for community galaxy so that we didn’t have tens of thousands of groups in the system. There’s nothing technically stopping the usage of groups still for RBAC, but we’d have to enable the group and user management components in the UI to make it more obvious and then also consider how we go about delegating permissions for group CRUD.

I’d say that for the time being, just ignore the groups elements in that UX. If it’s something you’d like to have though, we can take that as a feature request.

1 Like

Understood, thanks for the detailed explanation. We’ll just do individual user-based CRUD for now.

Given user auth is outsourced to GitHub, a natural extension would be to use teams defined within GitHub as the “groups”, that would work very well for us as the collection of users who need to be namespace owners are already in a GitHub team, but I admit I have no idea if this idea is technically feasible. Thank you