与UAA和BOSH的团队权限
问题描述:
我有一个连接到UAA的波什目录。我想要做的就是限制只能访问其发布版的团队访问Director。因此我想在UAA中使用团队。与UAA和BOSH的团队权限
现在我有UAA和BOSH以下问题,本文档https://bosh.io/docs/director-users-uaa-perms.html#team-admin如下:
自己创建的群组
bosh.teams.jenkins.admin与uaac group add bosh.teams.jenkins.admin我创建了一个用户
jenkinsadmin与uaac user add jenkinsadmin --emails [email protected]我将用户添加到组中
uaac member add bosh.teams.jenkins.admin jenkinsadmin
另外我补充
scope: openid,bosh.admin,bosh.read,bosh.*.admin,bosh.*.read,bosh.teams.*.admin
到BOSH导演的清单。
当我现在尝试上载波什释放与bosh upload release我收到以下错误信息:
Error 600000: Require one of the scopes: bosh.admin, bosh.0c5b93a8-46a5-4cb2-81be-b17f97afaf0f.admin
我查了我的用户的设置与uaac user get jenkinsadmin,看到下面的输出:
groups:
-
value: d6788c74-9d24-4df0-9215-1413ad8c7fed
display: cloud_controller_service_permissions.read
type: DIRECT
-
value: 0298444a-d9e3-456a-a27b-4fc66d5e41df
display: openid
type: DIRECT
-
value: 763ae5cc-7d9e-411f-9e08-54850ff9fe44
display: password.write
type: DIRECT
-
value: a349c0b8-f543-4409-8441-c8a6acdea488
display: notification_preferences.read
type: DIRECT
-
value: 7bde9588-8d6e-4c51-81f8-c5a4cf71fdd7
display: cloud_controller.read
type: DIRECT
-
value: ad49d3a5-232f-45fa-917d-f74326674857
display: uaa.user
type: DIRECT
-
value: 013ed852-59ad-4c88-9c3d-5e397f82f18b
display: scim.me
type: DIRECT
-
value: 83e5c21e-74c2-412e-a1e9-9a206841b0dc
display: bosh.teams.jenkins.admin
type: DIRECT
-
value: 09a37162-a999-416b-b1fd-923378aba7d8
display: notification_preferences.write
type: DIRECT
-
value: 2cd48b42-a0dc-4f60-9ac6-67cf40023726
display: approvals.me
type: DIRECT
-
value: ad596184-4de8-4b43-8779-1292af4ebe04
display: oauth.approvals
type: DIRECT
-
value: 3c0df91d-4f70-4320-aa34-01a9651272ee
display: cloud_controller.write
type: DIRECT
approvals:
active: true
verified: false
origin: uaa
schemas: urn:scim:schemas:core:1.0
username: jenkinsadmin
zoneid: uaa
所以我的问题是,我需要做些什么来启用UAA用户jenkinsadmin上传发布?
答
BOSH团队管理员无法上传发布给导演。
有关此团队管理员拥有的权限范围,请参阅http://bosh.io/docs/director-users-uaa-perms.html#team-admin。
您需要使用常规管理员用户才能上传版本。