It was mentioned in another post that: “in galaxy we’re managing namespace ownership directly via users”.
How do we add/remove owners for our namespace? Is that documented somehere?
Many thanks
It was mentioned in another post that: “in galaxy we’re managing namespace ownership directly via users”.
How do we add/remove owners for our namespace? Is that documented somehere?
Many thanks
I think you would click on the left-hand menu Collections
then click on Namespaces
then click on My namespaces
Then click on Access
and assign users there
Hi @IPvSean, seems reasonable, but there is only the option of groups:
Namespace management with users is a work in progress that is almost done Allow users for namespace creation. by jctanner · Pull Request #1899 · ansible/galaxy_ng · GitHub
For now, the only way to see and manipulate the owners of a v3 namespace are through the v1 “backdoor” as documented here Administration - Galaxy NG
Thanks @tannerjc. I see the PR is merged, looking forward to the changes going live on galaxy.ansible.com
We have the UI components deployed in galaxy-dev, but I found another bug in the API and have a fix in flight … Enable social auth users to see other users. by jctanner · Pull Request #1934 · ansible/galaxy_ng · GitHub
Thank you, looks like the user-based approach is now live in prod
Can I ask how the groups
option works? How do we create/modify a group, is it meant to avoid listing individual users as namespace owners?
Thank you
GalaxyNG’s RBAC up till now was group driven. An internal architecture decision was made to switch to user based RBAC for community galaxy so that we didn’t have tens of thousands of groups in the system. There’s nothing technically stopping the usage of groups still for RBAC, but we’d have to enable the group and user management components in the UI to make it more obvious and then also consider how we go about delegating permissions for group CRUD.
I’d say that for the time being, just ignore the groups elements in that UX. If it’s something you’d like to have though, we can take that as a feature request.
Understood, thanks for the detailed explanation. We’ll just do individual user-based CRUD for now.
Given user auth is outsourced to GitHub, a natural extension would be to use teams defined within GitHub as the “groups”, that would work very well for us as the collection of users who need to be namespace owners are already in a GitHub team, but I admit I have no idea if this idea is technically feasible. Thank you