Chapter 2. Adding users for OpenShift Data Science

You can grant users permission to access Red Hat OpenShift Data Science by adding user accounts to the Red Hat OpenShift Data Science user group, administrator group, or both. You can either use the default group name, or specify a group name that already exists in your identity provider.

The user group provides the user with access to developer functions in the Red Hat OpenShift Data Science dashboard, and associated services, such as JupyterHub. The default user group name is rhods-users.

The administrator group provides the user with access to developer and administrator functions in the Red Hat OpenShift Data Science dashboard and associated services, such as JupyterHub. The default administrator group name is rhods-admins.

To use the default group names, see Adding users for OpenShift Data Science using default user groups. This method is easy to set up, but you must manage the user lists manually in the OpenShift Dedicated web console.

To use groups that already exist in your identity provider, see Adding existing user groups from an identity provider to OpenShift Data Science. With this method you can manage users through your identity provider as you normally would.

Important

If you are using LDAP as your identity provider, you need to configure LDAP syncing to OpenShift Dedicated. See Syncing LDAP groups for more information.

2.1. Adding existing user groups from an identity provider to OpenShift Data Science

You can grant a user access to Red Hat OpenShift Data Science by adding their user name to the OpenShift Data Science user group, administrator group, or both. Follow the steps in this section to use an existing group from your identity provider that does not use one of the default group names, rhods-admins or rhods-users. You can add users to these groups as you normally would with that identity provider.

Prerequisites

  • You have configured a supported identity provider for OpenShift Dedicated.
  • You are part of the cluster-admins or dedicated-admins user group in OpenShift Dedicated.

Procedure

  1. In the OpenShift Dedicated web console, change into the Administrator perspective.
  2. Click WorkloadsConfigMaps.
  3. Set the Project to All Projects or redhat-ods-applications to ensure you can see the appropriate ConfigMap.
  4. Click the name of the rhods-groups-config ConfigMap.

    The ConfigMap details page appears.

  5. Click the YAML tab.
  6. Change the opendatahub.io/modified label to 'true'.

      labels:
        app: jupyterhub
        opendatahub.io/modified: 'true'
  7. Replace default values with your group names.

    Change the value of admin_groups to the new name of your admin group and the value of allowed_groups to the new name of your user group, for example:

    data:
      admin_groups: it-ops
      allowed_groups: datasci-devs1,datasci-devs2
  8. Click Save.
  9. Apply the new application configuration.

    1. Change into the Developer perspective.
    2. Click Topology and click on the JupyterHub application.
    3. Click ActionsStart Rollout to deploy JupyterHub with its updated user configuration.

Verification

  • Click the Details tab and confirm that the Labels field contains opendatahub.io/modified: 'true', and the updated group names appear under the Data heading.
  • The user can access the Red Hat OpenShift Data Science dashboard, and associated services, such as JupyterHub.

2.2. Adding users for OpenShift Data Science using default user groups

You can grant a user access to Red Hat OpenShift Data Science by adding their user name to the OpenShift Data Science user group, administrator group, or both. Follow the steps in this section to create administrator and user groups that use the default group names, and manually add users to the groups. This method is easy to set up, but you must manage the user lists manually in the OpenShift Dedicated web console.

Prerequisites

  • You have configured a supported identity provider for OpenShift Dedicated.
  • You are part of the dedicated-admins user group in OpenShift Dedicated.

Procedure

  1. In the OpenShift Dedicated web console, click User ManagementGroups.
  2. Optional: If not present, create the rhods-admins group.

    1. Click Create Group.
    2. Change the name of the group to rhods-admins.

      apiVersion: user.openshift.io/v1
      kind: Group
      metadata:
        name: rhods-admins
      users:
        - user1
        - user2
    3. Skip to step 6 to add administrative users.
  3. Optional: If not present, create the rhods-users group.

    1. Click Create Group.
    2. Change the name of the group to rhods-users.

      apiVersion: user.openshift.io/v1
      kind: Group
      metadata:
        name: rhods-users
      users:
        - user1
        - user2
    3. Skip to step 6 to add normal users.
  4. Click the name of the group you want to add users to.

    • For administrative users, click rhods-admins.
    • For normal users, click rhods-users.

    The Group details page for that group appears.

  5. Click the YAML tab.
  6. In the users section, add the user name of the user that you want to add to the group. For example:

    users:
     - jdoe
     - emustermann
  7. Click Save.

Verification

  • Click the Details tab for each group and confirm that the Users section contains the user names that you added.
  • Ensure the user can access the Red Hat OpenShift Data Science dashboard, and associated services, such as JupyterHub.

2.3. Additional resources