Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Consider adding an OSS-specific guide to Role Access Requests #14889

Closed
ptgott opened this issue Jul 26, 2022 · 1 comment · Fixed by #22613
Closed

Consider adding an OSS-specific guide to Role Access Requests #14889

ptgott opened this issue Jul 26, 2022 · 1 comment · Fixed by #22613
Labels
access-requests documentation

Comments

@ptgott
Copy link
Contributor

ptgott commented Jul 26, 2022

Details

While there are a lot of restrictions around Role Access Requests in OSS Teleport, there could be enough things you can do—and enough real value to be had—that it's worth looking into writing a guide for how to achieve a Role Access Request workflow without Cloud/Enterprise. OSS Teleport users who rely on Role Access Requests can then graduate to Cloud/Enterprise for a smoother experience when the time comes. (We can also consider modifying the existing Role Access Request guide to add tabs for OSS users.)

The workflow would look like:

  1. Set up RBAC: roles must only use the default request strategy, cannot define thresholds, and cannot include review_requests or search_as_roles. See the way we check Access Request support in the source.

    We'll need to see whether enabling creating/updating access request resources in a spec.allow.rules[*]resources rule can bypass the restriction against review_requests.

  2. Request access via tsh login --request-roles (this uses the Auth Service and doesn't rely on plugins/Teleport Enterprise)

  3. Approve/deny access requests via tctl (using tsh or the Web UI is not possible in OSS Teleport)

Category

  • Improve Existing
@ptgott ptgott mentioned this issue Jul 26, 2022
Closed
@ptgott ptgott mentioned this issue Oct 31, 2022
Closed
@ptgott
Copy link
Contributor Author

ptgott commented Dec 7, 2022

Marking this as "urgent" since Access Requests are a strong Teleport feature and we want to provide as much clarity into them as we can!

@zmb3 zmb3 mentioned this issue Feb 14, 2023
Closed
zmb3 added a commit that referenced this issue Mar 3, 2023
@zmb3
docs: include a separate page for OSS access requests
1ae4c10 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587
@zmb3 zmb3 mentioned this issue Mar 3, 2023
Merged
zmb3 added a commit that referenced this issue Mar 10, 2023
@zmb3
docs: include a separate page for OSS access requests
0f04f26 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587
@zmb3 zmb3 closed this as completed in b8bf90b Mar 11, 2023
github-actions bot pushed a commit that referenced this issue Mar 11, 2023
@zmb3
docs: include a separate page for OSS access requests
18041f6 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587
github-actions bot pushed a commit that referenced this issue Mar 11, 2023
@zmb3
docs: include a separate page for OSS access requests
c021267 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587
stevenGravy pushed a commit that referenced this issue Mar 13, 2023
@zmb3
docs: include a separate page for OSS access requests (#22947)
deb4dd3 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587
stevenGravy added a commit that referenced this issue Mar 13, 2023
@zmb3 @stevenGravy
docs: include a separate page for OSS access requests (#22946)
abb0ad1 
OSS Teleport supports access requests in a very limited fashion.
Make this clear by adding a separate page that covers the supported OSS
features.

Closes #4818
Closes #13175
Closes #14889
Closes #15979
Closes #22587

Co-authored-by: Steven Martin <[email protected]>
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
access-requests documentation
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

docs: include a separate page for OSS access requests gravitational/teleport
2 participants
@zmb3 @ptgott