Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Systems: Allow tenant admin to impersonate a Tapis user for getSystem, getSystems. #70

Open
scblack321 opened this issue Jan 26, 2024 · 0 comments
Assignees

Comments

@scblack321
Copy link
Collaborator

Requested by TACC WMA. Request from slack (TACC Team tapis-v3-transition channel, 1/24/2024)

Jake Rosenberg
(https://tacc-team.slack.com/archives/C0307MGPCP2/p1706114239176879)
Is it possible for a tenant admin to get all systems shared with some user? i.e. a way to see what a specific user would see if they did a
listing with {"listType": "ALL"} ?

On 1/26/2024

Steve Black
(https://tacc-team.slack.com/archives/C0307MGPCP2/p1706295891433839?thread_ts=1706114239.176879&cid=C0307MGPCP2)
Currently there is no easy way to do this.
If you look at the getSystem or getApp endpoint, however, you'll see that there is a query
parameter impersonationId that allows a service to impersonate a Tapis user.
I believe allowing this option for tenant admins and adding it to the getSystems and getApps endpoints
would let you get the information you need.
Basically, we would allow a tenant admin to impersonate another user when access involves the READ permission.
Let us know what you think, and the priority for it. I don't think it would be a big effort.
If it is an urgent need we can prioritize it.

Jake Rosenberg
(https://tacc-team.slack.com/archives/C0307MGPCP2/p1706296255626189?thread_ts=1706114239.176879&cid=C0307MGPCP2)
Thanks for looking into it! I think we'll need something like this in order to determine which workspace paths to mount in Jupyter, so it might be somewhat high priority.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
Archived in project
Development

No branches or pull requests

1 participant