PaaS/SaaS anyone?

Rancher is lit, it is a pretty awesome piece of software!

One thing I would like to see built in (or as a plugin) is improved user access management. Right now it seems that once a user logs in that user has access to everything, with the exception of certain admin features. I would prefer for the admin to determine in a fine-grain detail which features other users or user groups have access to.

Using this approach, Rancher could be used as a PaaS or SaaS. For instance, end users would not need to worry about creating hosts or setting up infrastructure, that would be left up to DevOps. they would simply decide the application they would like to deploy, as determined by the admin, and run it (obviously, that’s when user sign up, billing, usage, etc. comes in). I understand that it currently has third-party access management but I’m not sure how fine grained an access level one could reach through that.

In fact, with the new Catalog feature, the admin could have the ability to even pre-determine which catalog item(s) a certain user role (group) could be allowed to deploy. In essence, a PaaS/SaaS.


IIRC you can limit a user per “environment”, so you can have developers on a certain environment, and users that have production access (such as ops team), can access other hosts, etc…

EDIT: My apologies… it seems we cant select an environment for an API key or for a User… it would be good to have them at least with per/environment permissions… fine grained would be optimal…

Access to environments can be restricted to a set of users/groups. It’s the other way, you select users for environments (not environments for a user).

API keys are only for a single environment; there exists a way to create one tied to a user instead (with access to the environments they have), but not in the UI.