UC-05: Group membership management

[j08lue]

Description

A platform administrator can add and remove users from a group they manage

Focus use case: group membership administration for JupyterHub access

As a workshop lead, I am able to log into a simple enough interface and administer membership for a group of participants, so I can get workshop participants set up with the resources they need.

User group

• Privileged platform users
  • e.g. the host of a workshop that is relying on VEDA JupyterHub

Validating application / Relying Party

IAM / Auth admin interface

Auth requirements

1. An privileged user is able to manage group membership for a predefined group
2. The privileged user does NOT need to be able to create the group and edit its permissions - that an ops team member can do.
3. The privileged user can disable group access or delete the group (e.g. after workshop or other event is over).

Solution exists currently

Yes, we currently use GitHub teams on arbitrary GitHub orgs and through these delegate membership management to workshop hosts.

Contact person

JupyterHub team / Sanjay / Yuvi

[j08lue]

@yuvipanda, would you please review / complete the description and requirements above?

How does group-based authorization with GitHub teams currently work in the 2i2c JupyterHub infra? Can you point out the auth flow implementation that our VEDA solution would need to plug into?

[lahirujayathilake]

@j08lue, I believe we need a third requirement to disable the group after the workshop

[j08lue]

we need a third requirement to disable the group after the workshop

Thanks, yes! I added one.