Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issues with Team leader feature in portainer #7093

Closed
joshua-portainer opened this issue Jun 16, 2022 · 1 comment
Closed

Fix issues with Team leader feature in portainer #7093

joshua-portainer opened this issue Jun 16, 2022 · 1 comment
Labels
bug/need-confirmation kind/bug Applied to Bugs
Milestone
CE-2.14.0

Comments

@joshua-portainer
Copy link

The Team leader feature has some inconsistent behavior across the three different Authentication options.

    1. Internal Auth
    2. External Auth 
    3. External Auth with Team Sync enabled

The expected behavior should be as follows

(1) If Portainer internal auth is enabled

  A Team leader:
  
  - Cannot create or delete users
  - Cannot delete teams in the ‘Teams management’ or ‘Team details’ page. 
  - Cannot create a new team 
  - Can add existing users to their own team
  - Can see all users in Portainer
  - Can see the ‘Users’, ‘Teams’, and ‘Roles’ pages 
  - Can only see teams they are TL of regardless of auth

(2) If external auth is enabled:

  A Team leader:
  
  - Cannot create or delete users
  - Cannot delete teams in the ‘Teams management’ or ‘Team details’ page. 
  - Cannot create a new team 
  - Can add existing users to their own team
  - Can see all user in Portainer
  - Can see the ‘Users’, ‘Teams’, and ‘Roles’ pages 
  - Can only see teams they are TL of regardless of auth

(3) If external auth is enabled with team sync, team leader becomes disabled:

  Team leader should be disabled: 

  - The ‘Users’, ‘Teams’, and ‘Roles’ pages should not be visible in the left side menu for Non-Admin
  - The ‘Team details' page for the global admin should be disabled: 
  - UI warning stating “The team leader feature is disabled as external authentication is currently enabled with team sync.” 
  Global admin should:
          - not be able to add users to teams, remove users from team,  (these buttons should be greyed out and disabled) 
          - Be able to delete and create Teams
  In the “Team Details” Section:
          - Name field is empty
          - Leaders Field is empty
          - Total users in team displays accurate number
@joshua-portainer joshua-portainer added this to the CE-2.14.0 milestone Jun 16, 2022
@joshua-portainer joshua-portainer mentioned this issue Jun 16, 2022
Closed
@YBUSherb
Copy link

YBUSherb commented Feb 23, 2023
edited
Loading

Hi,
I've just upgraded from 2.13.1 to 2.17.0 and kinda surprised by this change. As you know, in portainer-ce, the LDAP sync allow the automatic addition of users but not its removal. Therefore, we need to be able to remove users from Teams even when external auth is enabled with team sync. Also, some Teams are synced from LDAP and other are internal. It was working fine in 2.13.1 but now in 2.17.0 we aren't able to add/remove member from those internal Teams. Therefore, I believe portainer need to know which team is internal to allow the add/remove member and which team are synced to only allow removal of members

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug/need-confirmation kind/bug Applied to Bugs
Projects
None yet
Milestone
CE-2.14.0
Development

No branches or pull requests
2 participants
@joshua-portainer @YBUSherb