Managing console access
When you add a user to the platform, a user profile (or record) is created for the user.
You can add users to the platform in the following ways:
-
You can give individual LDAP users access to the platform by adding them to a user group. When you add an LDAP user to a user group, the platform automatically creates a profile for the LDAP user. To provide LDAP users access, you must connect to the LDAP server as an identity provider.
-
You can give all of the members of an LDAP group access to the platform by adding the LDAP group to a user group. When you add the LDAP group to a user group, the platform automatically creates a profile for each LDAP user in the group. The platform skips this step for any members that have an existing user profile on the platform. To provide LDAP users access, you must connect to the LDAP server as an identity provider.
Important: You cannot create a user from the Access control page of your cluster console as the page has no provision to set up a password for a new user. You can use the page to add an LDAP or OpenShift user to
your cluster. When you add a user, you must specify the OpenShift or LDAP login ID of the user in the Username textbox that is on the Add user page.
Before you begin
Required permissions
To manage access to the console, you must have one of the following permissions:
- Administer platform
- Manage users
About this task
You can create and edit user profiles from the Users tab of the Access control page.
Important: By default, an All users group is included. As the name suggests, all users are automatically included in this group. The group is used to give all platform users access to the console and common features, such as their profile and settings. You cannot edit or delete this group.
Procedure
To give users access to the console:
-
Log in to the console.
-
From the navigation menu, select Administration > Access control.
-
Open the Users tab.
-
Click Add user.
-
Specify the appropriate information for your environment. The information that you need to specify is different based on the environment where you are adding the user. Review the table after the procedure for the information that you need to specify: Required information for creating a user.
-
Click Next.
-
Specify how you want the user to get their permissions. Either assign roles directly to the user or add the user to the existing user group.
-
Click Next.
-
Select the appropriate roles or groups to assign to the user.
-
Click Next.
-
Review the summary. If the values are correct, click Create.
Required information for creating a user
| Environment | Information to specify |
|---|---|
| Connected to an LDAP server | - The user's full name Ensure that you enter the user's given name and surname as they are specified in the LDAP server. - The username that the user will authenticate with the appropriate value depends on the attribute that you specified for the User search field in the LDAP configuration. - The user's email address Ensure that you enter the user's email address as it is specified in the LDAP server. |