Red Hat SummitChapter 6. Configuring guest access with RBAC UI
Use guest access with the role-based access control (RBAC) front-end plugin to allow a user to test role and policy creation without the need to set up and configure an authentication provider.
Guest access is not recommended for production.
6.1. Configuring the RBAC backend plugin
You can configure the RBAC backend plugin by updating the app-config.yaml file to enable the permission framework.
Prerequisites
-
You have installed the
@janus-idp/backstage-plugin-rbacplugin in Developer Hub. For more information, see Configuring dynamic plugins.
Procedure
-
Update the
app-config.yamlfile to enable the permission framework as shown:
permission
enabled: true
rbac:
admin:
users:
- name: user:default/guest
pluginsWithPermission:
- catalog
- permission
- scaffolder
The pluginsWithPermission section of the app-config.yaml section includes only three plugins by default. Update the section as needed to include any additional plugins that also incorporate permissions.
6.2. Setting up the guest authentication provider
You can enable guest authentication and use it alongside the RBAC frontend plugin.
Prerequisites
-
You have installed the
@janus-idp/backstage-plugin-rbacplugin in Developer Hub. For more information, see Configuring dynamic plugins.
Procedure
-
In the
app-config.yamlfile, add the user entity reference to resolve and enable thedangerouslyAllowOutsideDevelopmentoption, as shown in the following example:
auth:
environment: development
providers:
guest:
userEntityRef: user:default/guest
dangerouslyAllowOutsideDevelopment: true
You can use user:default/guest as the user entity reference to match the added user under the permission.rbac.admin.users section of the app-config.yaml file.
