Role-based access control (RBAC)

RBAC-related questions and answers for IBM Storage Fusion HCI System.

  1. Users of which identity providers can be authenticated with IBM Storage Fusion HCI System?
    Any identity provider that can be configured with OpenShift® can be used to authenticate to IBM Storage Fusion HCI System. Labs has tested only with htpasswd and LDAP.

  2. Which OpenShift roles are authorized to access IBM Storage Fusion HCI System user interface?
    Any user with clusteradmin or view roles can access IBM Storage Fusion HCI System.

  3. What happens when a user with an invalid role tries to log in to the IBM Storage Fusion HCI System interface?
    The user will not get authenticated to IBM Storage Fusion HCI System.

  4. Does the IBM Storage Fusion HCI System GUI have multi-factor authentication (MFA) for sign in?
    IBM Storage Fusion HCI System uses SSO through Red Hat® OpenShift Data Foundation authentication. Red Hat OpenShift Data Foundation can also be configured to enforce MFA. IBM Storage Fusion HCI System supports all of the OAuth authenticators that OpenShift supports.

  5. How does SSO work between IBM Storage Fusion HCI System and other integrated applications?
    • Red Hat OpenShift:

      Yes, SSO is configured for IBM Storage Fusion HCI System and Red Hat OpenShift. It works for Kubeadmin. For identity providers, there is an RFE raised with the OpenShift team to enable SSO login for identity providers.

    • IBM Storage Scale:

      Yes, SSO is configured for IBM Storage Fusion HCI System and IBM Storage Scale.

  6. How does authorization and authentication work in OpenShift?
    For more information about authorization and authentication, see https://docs.openshift.com/container-platform/4.15/authentication/understanding-authentication.html.

  7. Who are the primary personas/roles to whom Fusion is targeted?
    There are two primary personas:
    1. The team that is setting up and managing the OpenShift infrastructure.
    2. The application team that works on developing and deploying applications to OpenShift.
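
For answers 2 and 3, an administrator can check which identities currently hold a role that admits them to the user interface. The following Python code is an added example, not IBM or Red Hat code: it reads ClusterRoleBindings in JSON form and lists the users and groups bound to those roles, then flags any that are not on an approved list. It assumes the "clusteradmin" role named above is OpenShift's built-in `cluster-admin` ClusterRole, considers only cluster-wide bindings, and uses constructed sample data; the function names are hypothetical.

```python
import json

# Roles the page says admit a user to the UI. Assumption: the page's
# "clusteradmin" is OpenShift's built-in "cluster-admin" ClusterRole.
UI_ROLES = ("cluster-admin", "view")

# Constructed sample, shaped like `oc get clusterrolebindings -o json` output.
SAMPLE = json.dumps({"items": [
    {"metadata": {"name": "cluster-admins"},
     "roleRef": {"kind": "ClusterRole", "name": "cluster-admin"},
     "subjects": [{"kind": "Group", "name": "system:masters"},
                  {"kind": "User", "name": "alice"}]},
    {"metadata": {"name": "storage-viewers"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": [{"kind": "Group", "name": "storage-ops"},
                  {"kind": "ServiceAccount", "name": "reporter",
                   "namespace": "monitoring"}]},
    {"metadata": {"name": "unused-view"},
     "roleRef": {"kind": "ClusterRole", "name": "view"},
     "subjects": None},
    {"metadata": {"name": "editors"},
     "roleRef": {"kind": "ClusterRole", "name": "edit"},
     "subjects": [{"kind": "User", "name": "bob"}]},
]})


def ui_role_holders(crb_json, roles=UI_ROLES):
    """Map each UI-admitting role to the users and groups bound to it cluster-wide."""
    holders = {role: set() for role in roles}
    for binding in json.loads(crb_json).get("items", []):
        ref = binding.get("roleRef", {})
        if ref.get("kind") != "ClusterRole" or ref.get("name") not in holders:
            continue
        # "subjects" is absent or null on a binding that has no members.
        for subject in binding.get("subjects") or []:
            # Service accounts are skipped: the page is about users who
            # authenticate through an identity provider.
            if subject.get("kind") in ("User", "Group"):
                holders[ref["name"]].add(f"{subject['kind']}:{subject['name']}")
    return {role: sorted(names) for role, names in holders.items()}


def unapproved(holders, approved):
    """Holders of a UI-admitting role that are missing from the approved list."""
    return sorted({n for names in holders.values() for n in names} - set(approved))


if __name__ == "__main__":
    found = ui_role_holders(SAMPLE)
    for role, names in found.items():
        print(role, names)
    print("review:", unapproved(found, ["Group:system:masters", "Group:storage-ops"]))
```

On a live cluster the input would be the output of `oc get clusterrolebindings -o json`; group entries still need to be expanded to their members before the list is complete.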