Chapter 1. Adding users
1.1. Overview of user types and permissions
Table 1 describes the Red Hat OpenShift Data Science user types.
User Type | Permissions |
---|---|
Data scientists | Data scientists can access and use individual components of Red Hat OpenShift Data Science, such as Jupyter. |
Administrators | In addition to the actions permitted to a data scientist, administrators can perform these actions: See also OpenShift Container Platform Authentication and authorization. |
By default, all OpenShift users have access to Red Hat OpenShift Data Science. In addition, users with the cluster-admin role automatically have administrator access in OpenShift Data Science.
Optionally, if you want to restrict access to your OpenShift Data Science deployment, you can create specialized user groups for users and administrators.
If you decide to restrict access, and you already have user groups defined in your configured identity provider, you can add these user groups to your OpenShift Data Science deployment. If you decide to use specialized user groups without adding these groups from an identity provider, you must create the groups in OpenShift Container Platform and then add users to them.
There are some operations relevant to OpenShift Data Science that require the cluster-admin role. Those operations include:
- Adding users to the OpenShift Data Science user and administrator groups, if you are using specialized groups.
- Removing users from the OpenShift Data Science user and administrator groups, if you are using specialized groups.
- Managing custom environment and storage configuration for users in OpenShift, such as Jupyter notebook resources, ConfigMaps, and persistent volume claims (PVCs).
Although users of OpenShift Data Science and its components are authenticated through OpenShift, session management is separate from authentication. This means that logging out of OpenShift or OpenShift Data Science does not affect a logged-in Jupyter session running on those platforms. It also means that when a user's permissions change, that user must log out of all current sessions for the changes to take effect.
1.2. Defining OpenShift Data Science administrator and user groups
By default, all users authenticated in OpenShift can access OpenShift Data Science.
Also by default, users with the cluster-admin role are OpenShift Data Science administrators. A cluster admin is a superuser that can perform any action in any project in the OpenShift cluster. When the role is bound to a user with a local binding, that user has full control over quota and every action on every resource in the project.
You can define additional OpenShift Data Science administrator and user groups by using the OpenShift Data Science dashboard.
Prerequisites
- You have logged in to Red Hat OpenShift Data Science as described in Logging in to OpenShift Data Science.
- You have the cluster-admin role in OpenShift Container Platform.
- The groups that you want to define as administrator and user groups for OpenShift Data Science already exist in OpenShift Container Platform.
Procedure
- From the OpenShift Data Science dashboard, click Settings → User management.
- Define your OpenShift Data Science admin groups: Under Data science administrator groups, click the text box and select an OpenShift group. Repeat this process to define multiple admin groups.
- Define your OpenShift Data Science user groups: Under Data science user groups, click the text box and select an OpenShift group. Repeat this process to define multiple user groups.
  Important: The system:authenticated setting allows all users authenticated in OpenShift to access OpenShift Data Science.
- Click Save changes.
Verification
- Administrator users can successfully log in to OpenShift Data Science and perform administrative functions.
- Non-administrator users can successfully log in to OpenShift Data Science. They can also access and use individual components, such as Jupyter.
1.3. Adding users to specialized OpenShift Data Science user groups
By default, all OpenShift users have access to Red Hat OpenShift Data Science.
Optionally, you can restrict user access to your OpenShift Data Science instance by defining specialized user groups. You must grant users permission to access Red Hat OpenShift Data Science by adding user accounts to the Red Hat OpenShift Data Science user group, administrator group, or both. You can either use the default group name, or specify a group name that already exists in your identity provider.
The user group provides the user with access to developer functions in the Red Hat OpenShift Data Science dashboard, and associated services, such as Jupyter.
The administrator group provides the user with access to developer and administrator functions in the Red Hat OpenShift Data Science dashboard and associated services, such as Jupyter.
If you restrict access by using specialized user groups, users that are not in the OpenShift Data Science user group or administrator group can still view the dashboard, but are unable to use associated services, such as Jupyter. They are also unable to access the Cluster settings page.
Follow the steps in this section to add users to your specialized OpenShift Data Science administrator and user groups.
Note: You can add users in OpenShift Data Science but you must manage the user lists in the OpenShift Container Platform web console.
Prerequisites
- You have configured a supported identity provider for OpenShift Container Platform.
- You are assigned the cluster-admin role in OpenShift Container Platform.
- You have defined an OpenShift Data Science administrator group and user group.
Procedure
- In the OpenShift Container Platform web console, click User Management → Groups.
- Click the name of the group you want to add users to.
  - For administrative users, click the administrator group, for example, rhods-admins.
  - For normal users, click the user group, for example, rhods-users.
  The Group details page for that group appears.
- Click Actions → Add Users. The Add Users dialog appears.
- In the Users field, enter the relevant user name to add to the group.
- Click Save.
Verification
- Click the Details tab for each group and confirm that the Users section contains the user names that you added.
1.4. Viewing OpenShift Data Science users
If you have defined specialized OpenShift Data Science user groups, you can view the users that belong to these groups.
Prerequisites
- The Red Hat OpenShift Data Science user group, administrator group, or both exist.
- You have the cluster-admin role in OpenShift Container Platform.
- You have configured a supported identity provider for OpenShift Container Platform.
Procedure
- In the OpenShift Container Platform web console, click User Management → Groups.
- Click the name of the group containing the users that you want to view.
  - For administrative users, click the name of your administrator group, for example, rhods-admins.
  - For normal users, click the name of your user group, for example, rhods-users.
  The Group details page for the group appears.
Verification
- In the Users section for the relevant group, you can view the users who have permission to access Red Hat OpenShift Data Science.
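The membership review in section 1.4 and the system:authenticated note in section 1.2 can be combined into one offline check. The following is an added example, not part of the Red Hat documentation: it assumes group data exported in the shape of `oc get groups -o json`, takes the selected administrator and user group names as input, and uses constructed user names; the list of cluster-admin holders is supplied by the caller.

```python
import json

# Constructed sample shaped like `oc get groups -o json` output: a List of
# user.openshift.io/v1 Group objects. The user names are invented.
SAMPLE_GROUPS_JSON = """
{"kind": "List", "items": [
  {"kind": "Group", "metadata": {"name": "rhods-admins"}, "users": ["alice"]},
  {"kind": "Group", "metadata": {"name": "rhods-users"}, "users": ["bob", "carol"]},
  {"kind": "Group", "metadata": {"name": "interns"}, "users": null}
]}
"""

OPEN_TO_ALL = "system:authenticated"  # virtual group, never listed as a Group object


def load_members(groups_json):
    """Return {group name: set of user names} from a Group list document."""
    items = json.loads(groups_json).get("items", [])
    return {g["metadata"]["name"]: set(g.get("users") or []) for g in items}


def audit_access(groups_json, admin_groups, user_groups, cluster_admins=()):
    """Resolve who gets administrator or user access and flag weak settings.

    admin_groups / user_groups: names selected under Settings -> User management.
    cluster_admins: users holding cluster-admin, supplied by the caller
    (assumption: gathered separately from a role binding review).
    """
    members = load_members(groups_json)
    findings = []
    for label, names in (("administrator", admin_groups), ("user", user_groups)):
        for name in names:
            if name == OPEN_TO_ALL:
                findings.append(f"{label} groups include {OPEN_TO_ALL}: "
                                "every authenticated OpenShift user is admitted")
            elif name not in members:
                findings.append(f"{label} group '{name}' does not exist in OpenShift")
            elif not members[name]:
                findings.append(f"{label} group '{name}' has no users")
    # cluster-admin users are administrators regardless of group membership.
    admins = set(cluster_admins)
    for name in admin_groups:
        admins |= members.get(name, set())
    users = set()
    for name in user_groups:
        users |= members.get(name, set())
    return {"admins": admins, "users": users, "findings": findings}
```

An empty findings list means every selected group exists, has members, and access is not open to all authenticated users.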