Hello! Yes, what Chad says makes sense to me.
I don't recall discussing a UI for the <admins> tag though. There is an API, if that helps you, Jason: https://api.gocd.org/current/#update-system-admins

Cheers,
Aravind

On Sat, 1 Jun 2024 at 10:21, Chad Wilson <ch...@thoughtworks.com> wrote:

> Interesting, had not noticed that limitation (didn't know you could assign
> a role to super-admin at all!). Personally I don't know a UI-driven way.
>
> Looks like it was vaguely discussed as part of
> https://github.com/gocd/gocd/issues/3712 but I cannot see that
> possibility to map that within the Role Management page, nor a specific
> open issue/feature request for that.
>
> I believe there were a number of aspects of more granular auth for global
> entities <https://github.com/gocd/gocd/issues/7222> that wasn't
> necessarily completed, but I think this work was intended to reduce the
> need for super-admins in general. Keep in mind this work was mainly
> happening in H2 2019 and Thoughtworks announced closure of studios for end
> 2020 on Nov 18 2019. I believe the focus went to open sourcing pieces in H1
> 2020 so this possibly never got to its full vision :-).
>
> Having said that, from your other post it appears you are on a very old
> GoCD version so I am not sure if what you are seeing is the same as what I
> am seeing now.
>
> In any case, you may wish to update to (or play with a trial of) a later
> version to see if a sufficient number of global entities can be directly
> delegated to roles such that the super-admin permissions are much less
> necessary than earlier, and perhaps less necessary to map to roles
> frequently. I believe it at least supports environments/cluster
> profiles/elastic profiles/pipeline groups.
>
> -Chad
>
> On Sat, Jun 1, 2024 at 4:22 AM Jason Smyth <jsm...@taqauto.com> wrote:
>
>> Hi everyone,
>>
>> We are looking to improve our GoCD permissions management by using more
>> role-based permissions.
>>
>> The role-based security documentation
>> <https://docs.gocd.org/19.8.0/configuration/dev_authorization.html#role-based-security>
>> states that it is possible to add a role to the server's security node
>> admin list and that all users of the role will inherit admin permissions.
>>
>> We tested this and it seems to work as described, however I am unable to
>> find a mechanism for managing this within GoCD. I was only able to get it
>> working by manually editing the cruise-config.xml file.
>>
>> Am I missing something, or is this really the only way to manage
>> role-based administrative access to GoCD?
>>
>> Thanks in advance,
>> Jason

--
You received this message because you are subscribed to the Google Groups "go-cd" group.
To unsubscribe from this group and stop receiving emails from it, send an email to go-cd+unsubscr...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/go-cd/CACxychEAS%3D2558NdLBpFNjFjJUssrgzZPSwknr%3DFM2Rs36nrbQ%40mail.gmail.com.
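
Added example, not written by anyone in the thread and not GoCD project code: because role-to-admin mappings made by hand in cruise-config.xml are not visible on the Role Management page, a small audit script can list who actually ends up with super-admin rights. The element layout (`<security>` containing `<roles>` and `<admins>`) is assumed to match the role-based security documentation linked above; the sample config, role names and user names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample; layout assumed to follow the role-based security
# documentation linked in the thread. Names are made up for illustration.
SAMPLE_CONFIG = """\
<cruise>
  <server>
    <security>
      <roles>
        <role name="gocd-admins"><users><user>alice</user><user>bob</user></users></role>
        <role name="developers"><users><user>carol</user></users></role>
      </roles>
      <admins>
        <role>gocd-admins</role>
        <role>retired-team</role>
        <user>dave</user>
      </admins>
    </security>
  </server>
</cruise>
"""

def effective_admins(config_xml):
    """Return (sorted super-admin usernames, admin roles with no definition here)."""
    security = ET.fromstring(config_xml).find("./server/security")
    if security is None:
        return [], []  # no security section configured
    # Map every role defined in this file to its member usernames.
    members = {
        role.get("name"): [u.text.strip() for u in role.findall("./users/user") if u.text]
        for role in security.findall("./roles/role")
    }
    # Users listed directly under <admins>.
    admins = {u.text.strip() for u in security.findall("./admins/user") if u.text}
    unresolved = []
    for role in security.findall("./admins/role"):
        name = (role.text or "").strip()
        if name in members:
            admins.update(members[name])  # every member inherits admin rights
        else:
            # Stale name, or a role whose members are resolved outside this file.
            unresolved.append(name)
    return sorted(admins), unresolved

if __name__ == "__main__":
    users, unresolved = effective_admins(SAMPLE_CONFIG)
    print("effective super-admins:", ", ".join(users))
    print("admin roles not defined in <roles>:", unresolved)
```

Running it against a copy of the real file after each manual edit gives a reviewable list of super-admins; any role reported as undefined needs checking by hand.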