Chapter 6. Adding users for OpenShift Data Science

By default, all OpenShift users have access to Red Hat OpenShift Data Science. If you are using these default permission settings, no further action is required. However, if you plan to restrict access to your OpenShift Data Science instance by defining specialized user groups, you must grant users permission to access Red Hat OpenShift Data Science by adding user accounts to the Red Hat OpenShift Data Science user group, administrator group, or both. You can either use the default group name, or specify a group name that already exists in your identity provider.

The user group provides the user with access to developer functions in the Red Hat OpenShift Data Science dashboard, and associated services, such as Jupyter.

The administrator group provides the user with access to developer and administrator functions in the Red Hat OpenShift Data Science dashboard and associated services, such as Jupyter.

If you have restricted access using specialized user groups, users that are not in the OpenShift Data Science user group or administrator group can still view the dashboard, but are unable to use associated services, such as Jupyter. They are also unable to access the Cluster settings page.

To use the default group names, see Adding users to specialized OpenShift Data Science user groups. This method is easy to set up, but you must manually configure user lists in the OpenShift Dedicated web console.

Important

If you are using LDAP as your identity provider, you need to configure LDAP syncing to OpenShift Dedicated. See Syncing LDAP groups for more information.

6.1. Adding users to specialized OpenShift Data Science user groups

From Red Hat OpenShift Data Science 1.8, all OpenShift Dedicated users have access to Red Hat OpenShift Data Science by default. Additionally, users in the dedicated-admins administrator group automatically have administrator access to OpenShift Data Science. Versions of OpenShift Data Science before 1.8 contain specialized OpenShift Data Science administrator and user groups. To further restrict access to OpenShift Data Science in versions 1.8 or beyond, you can continue to create specialized OpenShift Data Science administrator and user groups.

Follow the steps in this section to create specialized OpenShift Data Science administrator and user groups, and manually add users to the groups. This method is easy to set up, but you must manage the user lists manually in the OpenShift Dedicated web console.

Prerequisites

  • You have configured a supported identity provider for OpenShift Dedicated.
  • You are part of the dedicated-admins user group in OpenShift Dedicated.

Procedure

  1. In the OpenShift Dedicated web console, click User ManagementGroups.
  2. Optional: If not present, create the administrator group, for example, rhods-admins.

    1. Click Create Group.
    2. Change the name of the group to the name of your administrator group.

      apiVersion: user.openshift.io/v1
      kind: Group
      metadata:
        name: rhods-admins
      users:
        - user1
        - user2
    3. Skip to step 6 to add administrative users.
  3. Optional: If not present, create the user group, for example, rhods-users.

    1. Click Create Group.
    2. Change the name of the group to the name of your user group.

      apiVersion: user.openshift.io/v1
      kind: Group
      metadata:
        name: rhods-users
      users:
        - user1
        - user2
    3. Skip to step 6 to add normal users.
  4. Click the name of the group you want to add users to.

    • For administrative users, click the administrator group, for example, rhods-admins.
    • For normal users, click the user group, for example, rhods-users.

    The Group details page for that group appears.

  5. Click the YAML tab.
  6. In the users section, add the user name of the user that you want to add to the group. For example:

    users:
     - jdoe
     - emustermann
  7. Click Save.

Verification

  • Click the Details tab for each group and confirm that the Users section contains the user names that you added.

6.2. Additional resources