Skip to main content

Hello,

 

I have configured oidc auth on my Kasten K10 instance.

The SSO returns the user groups.

If the user is in the group k10-admins, they get unrestricted permissions, which is as expected, and are redirected to the K10 dashboard.

The problem I confront is that users who are not in the k10-admins group also access the dashboard but do not see any data. On their profile, they can see that they have no permissions at all.

I want to restrict access to the K10 dashboard page for users who are not in the 'k10-admins' group, similar to standard login procedures.

 

Best regards, Mike

Hi @gavezm 

Each K10 deployment includes three default ClusterRoles: k10-admin, k10-basic, and k10-config-view, each with a distinct set of permissions.

You can either assign your users/groups to one of these ClusterRoles or manually create a customized ClusterRole and assign it to your group or users.

Please review the below link for more details

https://docs.kasten.io/latest/access/rbac.html?highlight=rbac


also if you want to grant admin-level access to K10's dashboard to specific groups ( not k10-admin ), you can either follow the link provided above or set the values below during the Helm installation. This will enable K10 to create the necessary ClusterRoleBindings/RoleBindings for you.


 

auth.k10AdminGroups

A list of groups whose members are granted admin level access to K10's dashboard

None

auth.k10AdminUsers

A list of users who are granted admin level access to K10's dashboard

None


BR,
Ahmed Hagag​​​​​​​


I will divide users into admins and users with no access. Currently, the admin role binding works as intended.

Other users (those with no access) do not have any role binding. When they log in via OIDC and view their profile, they see 'No permissions'.

This is alright; users with no permissions do not see anything. However, I'm unsure why Kasten K10 shows an empty dashboard instead of rejecting the login. I want to configure it so that users with no permissions will remain on the login page.

 

Is it possible?

 

Br, Mike

 


Hi @gavezm Currently, it is not possible for users without permissions to stay on the login page.

However, it's a good point, and I will request this feature from our engineering team.

 

BR,
Ahmed Hagag


Alright, I get it. I think this feature is essential.

 

Br, Mike


Comment