Managing account access in Red Hat OpenShift Service Registry

Guide
  • Red Hat OpenShift Service Registry 1
  • Updated 17 December 2021
  • Published 01 December 2021

As a Service Registry instance owner, an instance administrator, or an organization administrator in Red Hat OpenShift Service Registry, you can manage the level of access that other user accounts and service accounts have to your Service Registry instance. You can grant or remove access to your Service Registry instance for specific user accounts in your organization based on user roles. You can also allow other users or service accounts to manage the level of access to your instance for you.

Service Registry instance owners or instance administrators can manage access for only the Service Registry instances that they create or for instances that the owner has allowed them to access and change. Organization administrators can manage access for all Service Registry instances.

Access management in Red Hat OpenShift Service Registry

Red Hat OpenShift Service Registry uses Role-Based Access Control (RBAC) to manage how other user accounts and service accounts access the Service Registry instances that you create and the artifacts that they contain. You can manage access for only the Service Registry instances that you create or for instances that the owner has allowed you to access and change.

An account in Red Hat OpenShift Service Registry is either a user account or a service account. A user account enables users in your organization to access your Service Registry instances. A service account enables your client application or tool to connect securely and to access your Service Registry instances.

User roles in Red Hat OpenShift Service Registry

The Service Registry web console provides an Access tab on the Service Registry instance page. Service Registry instance owners, instance administrators, and organization administrators can use this tab to manage the following user roles:

  • Administrator - Can perform the following in this Service Registry instance:

    • View or write user roles

    • View or write schema and API artifacts

    • Configure global rules for compatibility and validity

    • Import/export Service Registry data

  • Manager - Can view or write schema and API artifacts in this Service Registry instance

  • Viewer - Can view schema and API artifacts in this Service Registry instance

The owner of a Service Registry instance has the administrator role for that instance by default, and can assign roles in the same organization. Other user accounts or service accounts in the organization have no access to that instance by default.

In addition to the web console, the rhoas CLI provides commands to manage user roles, and the core Service Registry REST API also provides Admin API endpoints for managing user roles.
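
The role definitions above can be used for a periodic least-privilege review of an instance. The following Python script is an added example, not part of the original guide or of any Red Hat tooling: it compares the roles shown on the Access tab with the operations each account needs and reports which console action (Grant access, Edit, or Remove) would bring the assignment to the minimal role. The capability labels, account names, and sample data are assumptions constructed for illustration.

```python
# Added example: least-privilege review of Service Registry role assignments.
# Capability labels (e.g. "artifacts:write") are hypothetical names for the
# permissions listed per role above; all account names are constructed.
ROLE_CAPS = {
    "Viewer": {"artifacts:view"},
    "Manager": {"artifacts:view", "artifacts:write"},
    "Administrator": {"artifacts:view", "artifacts:write", "roles:view",
                      "roles:write", "rules:configure", "data:import-export"},
}
LEAST_TO_MOST = ["Viewer", "Manager", "Administrator"]


def minimal_role(needed):
    """Least-privileged role covering `needed`; None means no access at all."""
    if not needed:
        return None
    for role in LEAST_TO_MOST:
        if needed <= ROLE_CAPS[role]:
            return role
    raise ValueError(f"no role grants: {sorted(needed - ROLE_CAPS['Administrator'])}")


def review(assignments, needs):
    """Compare assigned roles with what each account needs.

    Returns (account, current_role, recommended_role, console_action) for
    every account whose assignment differs from the minimal role.
    """
    findings = []
    for account in sorted(set(assignments) | set(needs)):
        current = assignments.get(account)  # None: default, no access
        wanted = minimal_role(needs.get(account, set()))
        if current == wanted:
            continue
        action = ("Grant access" if current is None
                  else "Remove" if wanted is None else "Edit")
        findings.append((account, current, wanted, action))
    return findings


# Constructed sample: roles as read from the Access tab, and the operations
# each account is known to need (accounts absent from NEEDS need nothing).
ASSIGNED = {"alice": "Administrator", "ci-publisher": "Administrator",
            "dashboard-svc": "Manager", "bob": "Viewer", "old-contractor": "Manager"}
NEEDS = {"alice": {"roles:write", "rules:configure"}, "ci-publisher": {"artifacts:write"},
         "dashboard-svc": {"artifacts:view"}, "bob": {"artifacts:view"},
         "schema-linter": {"artifacts:view"}}

if __name__ == "__main__":
    for finding in review(ASSIGNED, NEEDS):
        print(finding)
```

The instance owner holds the Administrator role by default and is assumed to be excluded from both inputs.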

Viewing user roles in a Service Registry instance

You can view the user roles assigned in your Service Registry instances. These roles manage how other user accounts or service accounts interact with the instance and the artifacts that it contains. You can view user roles and accounts only for instances that you create or for instances that the owner has assigned you access to.

Prerequisites
  • The Service Registry instance has been created and is in Ready state.

  • The user accounts or service accounts that you want to view have been created in the organization and have already been assigned user roles.

Procedure
  1. In the web console, go to Service Registry > Service Registry Instances and click the name of the Service Registry instance that you want to view roles and accounts for.

  2. Click the Access tab to view the roles and accounts assigned for this instance:

    1. To view specific accounts, click Account, enter the user account or service account name, and click the search button.

    2. To view accounts with a specific role, click Role, select Filter by role and then the role you want (for example, Administrator), and click the search button.

  3. Click Clear all filters when done.

Assigning user roles in a Service Registry instance

In Red Hat OpenShift Service Registry, you can assign user roles in your Service Registry instances to manage how other user accounts or service accounts interact with the instance and the artifacts that it contains. You can assign user roles only for instances that you create or for instances that the owner has assigned you access to.

Prerequisites
  • The Service Registry instance has been created and is in Ready state.

  • The user accounts or service accounts that you’re assigning roles to have been created in the organization.

Procedure
  1. In the web console, go to Service Registry > Service Registry Instances and click the name of the Service Registry instance that you want to assign roles for.

  2. Click the Access tab to view the accounts and roles already assigned for this instance.

  3. Click Grant access to assign roles to accounts.

  4. In the Account field, select or enter the service account or user account name that you want to assign the role to:

    • A service account enables your application or tool to connect securely to your instance

    • A user account enables users in your organization to access instances

  5. Select the Role that you want to assign to your account, for example, Manager for write access to this instance.

  6. Click Save.

Editing or removing user roles in a Service Registry instance

You can edit or remove the user roles assigned in your Service Registry instances. These roles manage how other user accounts or service accounts interact with the instance and the artifacts that it contains. You can edit or remove user roles only for the instances that you create or for instances that the owner has assigned you access to.

Prerequisites
  • The Service Registry instance has been created and is in Ready state.

  • The user accounts or service accounts have been created in the organization and the user roles have already been assigned.

Procedure
  1. In the web console, go to Service Registry > Service Registry Instances and click the name of the Service Registry instance that you want to edit or remove a user role for.

  2. Click the Access tab to view the accounts and roles assigned for this instance.

  3. Select the options menu (three vertical dots) next to the assigned Role name:

    1. To change to a different role, click Edit and select the new user role, for example, Viewer for read-only access to this instance.

    2. To remove the currently assigned role, click Remove and confirm in the dialog.