Bug 1568524 - [RFE] - Capability to disable certain WebGUI Logins and Privileged Features [NEEDINFO]
Summary: [RFE] - Capability to disable certain WebGUI Logins and Privileged Features
Keywords:
Status: CLOSED WONTFIX
Alias: None
Product: OpenShift Container Platform
Classification: Red Hat
Component: RFE
Version: 3.7.0
Hardware: Unspecified
OS: Unspecified
high
high
Target Milestone: ---
: ---
Assignee: Erica von Buelow
QA Contact: Xiaoli Tian
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2018-04-17 16:53 UTC by Greg Rodriguez II
Modified: 2019-03-29 06:34 UTC (History)
8 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-01-16 15:39:11 UTC
Target Upstream Version:
cscribne: needinfo? (decarr)
fshaikh: needinfo? (decarr)


Attachments (Terms of Use)

Description Greg Rodriguez II 2018-04-17 16:53:15 UTC
Description of problem:
From Customer - 
"We want to have a functionality through which, WebGUI access can be given to Dev/App folks, without giving privileged accesses. 
Cluster-Admin Role User should not be able to Login to WebGUI, but he should be able to login to OC CLI.

That is, Only  certain level role users should be allowed access to WebGUI and not cluster-admins.

Also, request to provision a Whitelist for IP addresses Pool's to be allowed for WebGUI Logins similar to OC API IP Whitelisting RFE we raised.

The thought process is, App Admins should be login to WebGUI/CLI but Cluster-Admins should only login to OC CLI."

Version-Release number of selected component (if applicable):
OCP 3.7

Comment 7 Ben Bennett 2019-01-16 15:18:10 UTC
In later OpenShift releases the console is accessed through a route.  And you can whitelist access to the routes:
  https://docs.openshift.com/container-platform/3.6/architecture/networking/routes.html#whitelist


Note You need to log in before you can comment on or make changes to this bug.