Chapter 2. Deleting users
2.1. About deleting users and their resources
If you have administrator access to OpenShift Container Platform, you can revoke a user’s access to Jupyter and delete the user’s resources from Red Hat OpenShift AI.
Deleting a user and the user’s resources involves the following tasks:
- Before you delete a user from OpenShift AI, it is good practice to back up the data on your persistent volume claims (PVCs).
- Stop notebook servers owned by the user.
- Revoke user access to Jupyter.
- Remove the user from the allowed group in your OpenShift identity provider.
- After you delete a user, delete their associated configuration files from OpenShift Container Platform.
2.2. Backing up storage data
It is a best practice to back up the data on your persistent volume claims (PVCs) regularly.
Backing up your data is particularly important before you delete a user and before you uninstall OpenShift AI, as all PVCs are deleted when OpenShift AI is uninstalled.
See the documentation for your cluster platform for more information about backing up your PVCs.
Additional resources
2.3. Stopping notebook servers owned by other users
Administrators can stop notebook servers that are owned by other users to reduce resource consumption on the cluster, or as part of removing a user and their resources from the cluster.
Prerequisites
-
If you are using specialized OpenShift AI groups, you are part of the administrator group (for example,
rhoai-admins
). If you are not using specialized groups, you are part of the OpenShift Container Platform administrator group. For more information, see Adding administrative users for OpenShift Container Platform. - You have launched the Jupyter application, as described in Starting a Jupyter notebook server.
- The notebook server that you want to stop is running.
Procedure
- On the page that opens when you launch Jupyter, click the Administration tab.
Stop one or more servers.
If you want to stop one or more specific servers, perform the following actions:
- In the Users section, locate the user that the notebook server belongs to.
To stop the notebook server, perform one of the following actions:
- Click the action menu (⋮) beside the relevant user and select Stop server.
Click View server beside the relevant user and then click Stop notebook server.
The Stop server dialog box appears.
- Click Stop server.
If you want to stop all servers, perform the following actions:
- Click the Stop all servers button.
- Click OK to confirm stopping all servers.
Verification
- The Stop server link beside each server changes to a Start server link when the notebook server has stopped.
2.4. Revoking user access to Jupyter
You can revoke a user’s access to Jupyter by removing the user from the specialized user groups that define access to OpenShift AI. When you remove a user from the specialized user groups, the user is prevented from accessing the OpenShift AI dashboard and from using associated services that consume resources in your cluster.
Follow these steps only if you have implemented specialized user groups to restrict access to OpenShift AI. To completely remove a user from OpenShift AI, you must remove them from the allowed group in your OpenShift identity provider.
Prerequisites
- You have stopped any notebook servers owned by the user you want to delete.
-
You are assigned the
cluster-admin
role in OpenShift Container Platform. - You are using specialized user groups for OpenShift AI, and the user is part of the specialized user group, administrator group, or both.
Procedure
-
In the OpenShift Container Platform web console, click User Management
Groups. Click the name of the group that you want to remove the user from.
-
For administrative users, click the name of your administrator group, for example,
rhoai-admins
. -
For non-administrator users, click the name of your user group, for example,
rhoai-users
.
The Group details page for the group appears.
-
For administrative users, click the name of your administrator group, for example,
- In the Users section on the Details tab, locate the user that you want to remove.
- Click the action menu (⋮) beside the user that you want to remove and click Remove user.
Verification
- Check the Users section on the Details tab and confirm that the user that you removed is not visible.
-
In the
rhods-notebooks
project, check under WorkloadsPods and ensure that there is no notebook server pod for this user. If you see a pod named jupyter-nb-<username>-*
for the user that you have removed, delete that pod to ensure that the deleted user is not consuming resources on the cluster. - In the OpenShift AI dashboard, check the list of data science projects. Delete any projects that belong to the user.
2.5. Cleaning up after deleting users
After you remove a user’s access to Red Hat OpenShift AI or Jupyter, you must also delete the configuration files for the user from OpenShift Container Platform. Red Hat recommends that you back up the user’s data before removing their configuration files.
Prerequisites
- (Optional) If you want to completely remove the user’s access to OpenShift AI, you have removed their credentials from your identity provider.
- You have revoked the user’s access to Jupyter.
- You have backed up the user’s storage data.
-
If you are using specialized OpenShift AI groups, you are part of the administrator group (for example,
rhoai-admins
). If you are not using specialized groups, you are part of the OpenShift Container Platform administrator group. For more information, see Adding administrative users for OpenShift Container Platform. - You have logged in to the OpenShift Container Platform web console.
- You have logged in to OpenShift AI.
Procedure
Delete the user’s persistent volume claim (PVC).
-
Click Storage
PersistentVolumeClaims. -
If it is not already selected, select the
rhods-notebooks
project from the project list. Locate the
jupyter-nb-<username>
PVC.Replace
<username>
with the relevant user name.Click the action menu (⋮) and select Delete PersistentVolumeClaim from the list.
The Delete PersistentVolumeClaim dialog appears.
- Inspect the dialog and confirm that you are deleting the correct PVC.
- Click Delete.
-
Click Storage
Delete the user’s ConfigMap.
-
Click Workloads
ConfigMaps. -
If it is not already selected, select the
rhods-notebooks
project from the project list. Locate the
jupyterhub-singleuser-profile-<username>
ConfigMap.Replace
<username>
with the relevant user name.Click the action menu (⋮) and select Delete ConfigMap from the list.
The Delete ConfigMap dialog appears.
- Inspect the dialog and confirm that you are deleting the correct ConfigMap.
- Click Delete.
-
Click Workloads
Verification
- The user cannot access Jupyter any more, and sees an "Access permission needed" message if they try.
- The user’s single-user profile, persistent volume claim (PVC), and ConfigMap are not visible in OpenShift Container Platform.