github.com/pachyderm/pachyderm@v1.13.4/doc/docs/1.11.x/enterprise/auth/manage-users-groups.md (about)

# Manage Users and Groups

If you have users or groups configured in a third-party
identity provider, you can give those users and groups
access to Pachyderm. The following table summarizes
which providers support user and group authentication:

| Provider        | Users | Groups |
| --------------- | ----- | ------ |
| GitHub          | ✔     | X      |
| Okta (SAML)     | ✔     | ✔      |
| Okta (OIDC)     | ✔     | X      |
| Keycloak (OIDC) | ✔     | X      |
| Keycloak (SAML) | ✔     | ✔      |
| Google (OIDC)   | ✔     | X      |
| Auth0 (OIDC)    | ✔     | X      |

## Configure User Access

You can manage user access in the UI and CLI.
For example, suppose you are logged in to Pachyderm as the user `user1`
and have a repository called `test`. Because the user `user1` created
this repository, `user1` has full `OWNER`-level access to the repo.
You can confirm this in the dashboard by navigating to or clicking on
the repo. Alternatively, you can confirm your access by running the
`pachctl auth get ...` command:

!!! example

    ```shell
    pachctl auth get dwhitena test
    ```

    **System response:**

    ```shell
    OWNER
    ```

An `OWNER` of `test` or a cluster admin can then set other users'
level of access to the repo by using the `pachctl auth set ...`
command or through the dashboard.

For more information about the roles that you can assign,
see [Roles]().

To manage user access, complete the following steps:

* If you are using the dashboard:

  1. In the dashboard, click **Repo**.
  1. Select the repo to which you want to grant access to your users.
  1. Click **Modify access controls**.
  1. Add the users to the desired list of `READERs`, `WRITERs`,
     or `OWNERs`.

     For example, to give the GitHub user `user2` `READER`, but not
     `WRITER` or `OWNER`, access to the `test` repository, add them
     to the `READER` list.

* If you are using `pachctl`:

  1. Grant a user access to a repo:

     ```shell
     pachctl auth set <username> (none|reader|writer|owner) <repo>
     ```

     **Example:**

     ```shell
     pachctl auth set user1 reader test
     ```

  1. Verify the ACL for the repo:

     ```shell
     pachctl auth get <repo>
     ```

     **Example:**

     ```shell
     pachctl auth get test
     ```

     **System Response:**

     ```shell
     github:svekars: OWNER
     github:user1: READER
     ```
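
The ACL listing that `pachctl auth get <repo>` prints can be checked against the access you intended to grant. The following is an added example, not part of the Pachyderm documentation: it parses that listing and reports principals that are missing from a policy or hold a higher role than the policy allows. The `principal=MAXROLE` policy format, the function names, and the `user2`/`user3` sample lines are assumptions constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the Pachyderm docs): audit a repo ACL against a policy.
# Input on stdin: the "<principal>: <ROLE>" lines printed by `pachctl auth get <repo>`.
# $1: policy as space-separated principal=MAXROLE pairs (format assumed here).
audit_acl() {
  awk -v policy="$1" '
    BEGIN {
      rank["READER"] = 1; rank["WRITER"] = 2; rank["OWNER"] = 3
      n = split(policy, pairs, " ")
      for (i = 1; i <= n; i++) {
        eq = index(pairs[i], "=")
        allowed[substr(pairs[i], 1, eq - 1)] = substr(pairs[i], eq + 1)
      }
    }
    NF == 0 { next }   # skip blank lines
    {
      role = $NF
      principal = $0
      # The principal contains a colon itself (github:user1), so strip
      # only the final ": ROLE" suffix.
      sub(/:[ \t]*[A-Za-z]+[ \t]*$/, "", principal)
      sub(/^[ \t]+/, "", principal)
      if (!(role in rank)) {
        print "UNPARSED " $0; bad = 1
      } else if (!(principal in allowed)) {
        print "UNEXPECTED " principal " " role; bad = 1
      } else if (rank[role] > rank[allowed[principal]]) {
        print "EXCESS " principal " " role " (max " allowed[principal] ")"; bad = 1
      }
    }
    END { exit bad }   # non-zero exit when any finding was printed
  '
}

# Constructed sample: the first two lines match the output shown above,
# the last two are made up to trigger findings.
sample_acl() {
  cat <<'EOF'
github:svekars: OWNER
github:user1: READER
github:user2: WRITER
github:user3: OWNER
EOF
}

POLICY="github:svekars=OWNER github:user1=READER github:user2=READER"

# Live use would be: pachctl auth get test | audit_acl "$POLICY"
sample_acl | audit_acl "$POLICY" || echo "ACL drift detected in sample"
```

Because the function exits non-zero on any finding, it can gate a scheduled job or CI step that reviews repo access.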

## Configure Group Access

If you have a group of users configured in an identity provider,
you can grant access to a Pachyderm repository to all users
in that group.

!!! note
    Only Okta with SAML currently supports group access.

!!! note
    This functionality is experimental and supported only
    through the command line. The changes will not be
    visible in the UI.

To configure group access, you need to set the `group_attribute` in
the `id_providers` field of your authentication config:

**Example:**

```shell
pachctl auth set-config <<EOF
{
  ...
  "id_providers": [
    {
      ...
      "saml": {
        "group_attribute": "memberOf"
      }
    }
  ]
}
EOF
```

!!! note "See also"
    [Configure a SAML User](https://docs.pachyderm.com/latest/enterprise/saml/)