Role-based access control (RBAC)
RBAC related questions and answers for IBM Storage Fusion HCI System.
-
- Users of which identity providers can be authenticated with IBM Storage Fusion HCI System?
- Any identity provider that can be configured with OpenShift® can be used to authenticate to IIBM Storage Fusion HCI System. Labs has tested only with
htpasswd
and LDAP.
-
- Which OpenShift roles are authorized to access IBM Storage Fusion HCI System user interface?
- Any user with clusteradmin or view roles can access IBM Storage Fusion HCI System.
-
- What happens when a user with an invalid role tries to login to IBM Storage Fusion HCI System interface?
- The user will not get authenticated to IBM Storage Fusion HCI System.
-
- Does the IBM Storage Fusion HCI System GUI have multi-factor authentication (MFA) for sign in?
- IBM Storage Fusion HCI System uses SSO through Red Hat® OpenShift Data Foundation authentication. Red Hat OpenShift Data Foundation can also be configured to enforce MFA. IBM Storage Fusion HCI System supports all of the OAuth authenticators that OpenShift supports.
-
- How does SSO work between IBM Storage Fusion HCI System and other integrated applications?
-
- Red Hat
OpenShift:
Yes, SSO is configured for IBM Storage Fusion HCI System and Red HatOpenShift. It works for Kubeadmin. For identity providers, there is a RFE raised against OpenShift team for enabling SSO login for identity providers.
- IBM Storage Scale:
Yes, SSO is configured for IBM Storage Fusion HCI System and IBM Storage Scale.
- Red Hat
OpenShift:
-
- How does authorization and authentication work in OpenShift?
- For more information about authorization and authentication, see https://docs.openshift.com/container-platform/4.15/authentication/understanding-authentication.html.
-
- Who are the primary personas/roles to whom Fusion is targeted?
- There are two primary personas:
- The team that is setting up and managing the OpenShift infrastructure.
- The application team that works on developing and deploying applications to OpenShift.