Google Git
Sign in
eclipse / www.eclipse.org / che / d27350e54fe3198af7eeaa9aee48a0f2787d82c7 / . / docs / che-7 / administration-guide / authorizing-users / index.html
blob: 4eec06fd7352c15fdbd063507b46bf59e890566b [file] [log] [blame]
<!DOCTYPE html>
<html lang="en">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<title>Authorizing users :: Eclipse Che Documentation</title>
<link rel="canonical" href="https://www.eclipse.org/che/docs/che-7/administration-guide/authorizing-users/">
<meta name="keywords" content="administration-guide, authorizing-users">
<meta name="generator" content="Antora 2.3.3">
<link rel="stylesheet" href="../../../_/css/site.css">
<link rel="stylesheet" href="../../../_/css/extra.css">
<link rel="stylesheet" href="../../../_/font-awesome-4.7.0/css/font-awesome.min.css">
<link rel="icon" href="../../../favicon.ico" type="image/x-icon">
<script async src="https://www.googletagmanager.com/gtag/js?id=UA-37306001-2"></script>
<script>function gtag(){dataLayer.push(arguments)};window.dataLayer=window.dataLayer||[];gtag('js',new Date());gtag('config','UA-37306001-2')</script>
</head>
<body class="article">
<header class="header" role="banner">
<nav class="navbar">
<div class="navbar-brand">
<div class="navbar-item">
<button class="navbar-burger" data-target="topbar-nav">
<span></span>
<span></span>
<span></span>
</button>
<img src="../../../_/img/icon-eclipse-che.svg" class="navbar-logo" alt="Eclipse Che logo">
<a href="https://www.eclipse.org/che/docs">Eclipse Che Documentation</a>
</div>
</div>
<div id="topbar-nav" class="navbar-menu">
<div class="navbar-end">
<div class="navbar-item hide-for-print">
<script async src="https://cse.google.com/cse.js?cx=002898025167115630151:gnr5edrg2eo"></script>
<div class="gcse-searchbox" enableAutoComplete="true"></div>
</div>
<a class="navbar-item" href="#">Home</a>
<a class="navbar-item" href="https://che.eclipse.org/">Blog</a>
<a class="navbar-item" href="https://github.com/eclipse/che">Source Code</a>
</div>
</div>
</nav>
<div class="gcse-searchresults"></div>
</header>
<div class="body">
<div class="nav-container" data-component="che-7" data-version="master">
<aside class="nav">
<div class="panels">
<div class="nav-panel-menu is-active" data-panel="menu">
<nav class="nav-menu">
<h3 class="title"><a href="../../overview/introduction-to-eclipse-che/">Eclipse Che 7 Documentation</a></h3>
<ul class="nav-list">
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../overview/introduction-to-eclipse-che/">Introduction to Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../overview/che-architecture/">Che architecture</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../hosted-che/hosted-che/">Hosted Che</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">End-user Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/navigating-che/">Navigating Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/navigating-che-using-the-dashboard/">Navigating Che: dashboard</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/importing-certificates-to-browsers/">Importing certificates to browsers</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/accessing-che-from-openshift-developer-perspective/">Navigating Che from OpenShift Developer Perspective</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/che-theia-ide-basics/">Che-Theia IDE basics</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/defining-custom-commands-for-che-theia/">Defining custom commands for Che-Theia</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/version-control/">Version Control</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/che-theia-troubleshooting/">Che-Theia Troubleshooting</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/workspaces-overview/">Using developer workspaces</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/configuring-a-workspace-using-a-devfile/">Configuring a workspace using a devfile</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/making-a-workspace-portable-using-a-devfile/">Making a workspace portable using a devfile</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-and-configuring-a-new-workspace/">Creating and configuring a new workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/importing-a-kubernetes-application-into-a-workspace/">Importing a Kubernetes application into a workspace</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/remotely-accessing-workspaces/">Remotely accessing workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-from-code-sample/">Creating a workspace from code sample</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/creating-a-workspace-by-importing-source-code-of-a-project/">Creating a workspace by importing source code of a project</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/mounting-a-secret-as-a-file-or-an-environment-variable-into-a-workspace-container/">Mounting a secret as a file or an environment variable into a workspace container</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/customizing-developer-environments/">Customizing developer environments</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/what-is-a-che-theia-plug-in/">What is a Che-Theia plug-in</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-alternative-ides-in-che/">Using alternative IDEs in Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/adding-tools-to-che-after-creating-a-workspace/">Adding tools to Che after creating a workspace</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/configuring-oauth-authorization/">Configuring OAuth authorization</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/configuring-github-oauth/">Configuring GitHub OAuth</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/configuring-openshift-oauth/">Configuring OpenShift OAuth</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/using-artifact-repositories-in-a-restricted-environment/">Using artifact repositories in a restricted environment</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-maven-artifact-repositories/">Using Maven artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-gradle-artifact-repositories/">Using Gradle artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-python-artifact-repositories/">Using Python artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-go-artifact-repositories/">Using Go artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-nuget-artifact-repositories/">Using NuGet artifact repositories</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/using-npm-artifact-repositories/">Using npm artifact repositories</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../end-user-guide/troubleshooting-che/">Troubleshooting Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-slow-workspaces/">Troubleshooting slow workspaces</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/troubleshooting-network-problems/">Troubleshooting network problems</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/starting-a-che-workspace-in-debug-mode/">Starting a workspace in debug mode</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../end-user-guide/restarting-a-che-workspace-in-debug-mode-after-start-failure/">Restarting a workspace in debug mode after start failure</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Installation Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../installation-guide/supported-platforms/">Supported platforms</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../installation-guide/configuring-the-che-installation/">Configuring the Che installation</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/installing-che/">Installing Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/installing-che-in-cloud/">Installing Che in cloud</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-openshift-4-using-operatorhub/">Installing Che on OpenShift 4</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-openshift-3-using-the-operator/">Installing Che on OpenShift 3</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-kubespray/">Installing Che on Kubespray</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-aws/">Installing Che on AWS</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-google-cloud-platform/">Installing Che on Google Cloud</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-microsoft-azure/">Installing Che on Microsoft Azure</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/installing-che-locally/">Installing Che locally</a>
<ul class="nav-list">
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-codeready-containers/">Installing Che on CodeReady Containers</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-docker-desktop/">Installing Che on Docker Desktop</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-minikube/">Installing Che on Minikube</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-minishift/">Installing Che on Minishift</a>
</li>
<li class="nav-item" data-depth="3">
<a class="nav-link" href="../../installation-guide/installing-che-on-kind/">Installing Che on Kind</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/using-the-chectl-management-tool/">Using the chectl management tool</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/installing-che-in-a-restricted-environment/">Installing Che in restricted environment</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/advanced-configuration/">Advanced configuration</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/advanced-configuration-options-for-the-che-server-component/">Advanced configuration options for Che server</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/configuring-namespace-strategies/">Configuring namespace strategies</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/configuring-workspace-exposure-strategies/">Configuring workspace exposure strategies</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/configuring-workspaces-nodeselector/">Configuring workspaces nodeSelector</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/configuring-che-hostname/">Configuring Che hostname</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/deploying-che-with-support-for-git-repositories-with-self-signed-certificates/">Deploying Che with support for Git repositories with self-signed certificates</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/installing-che-using-storage-classes/">Installing Che using storage classes</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/configuring-storage-types/">Configuring storage types</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/importing-tls-certificates-to-che-server-java-truststore/">Importing TLS certificates to Che server Java truststore</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/upgrading-che/">Upgrading Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/upgrading-che-using-operatorhub/">Upgrading Che using OperatorHub</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/upgrading-che-using-the-cli-management-tool/">Upgrading Che using the CLI management tool</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../installation-guide/uninstalling-che/">Uninstalling Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/uninstalling-che-after-operatorhub-installation-using-openshift-web-console/">Using the OpenShift web console</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/uninstalling-che-after-operatorhub-installation-using-openshift-cli/">Using OpenShift CLI</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../installation-guide/uninstalling-che-after-chectl-installation/">Using chectl</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Administration Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../che-architecture-overview/">Che architecture</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../che-workspace-controller/">Che workspace controller</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../che-workspaces-architecture/">Che workspaces architecture</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../calculating-che-resource-requirements/">Calculating Che resource requirements</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../customizing-the-devfile-and-plug-in-registries/">Customizing devfile and plug-in registries</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../building-and-running-a-custom-registry-image/">Building and running a custom registry image</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../including-the-plug-in-binaries-in-the-registry-image/">Including the plug-in binaries in the registry image</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../editing-a-devfile-and-plug-in-at-runtime/">Editing a devfile and plug-in at runtime</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../using-a-visual-studio-code-extension-in-che/">Using a VS Code extension in Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../testing-a-visual-studio-code-extension-in-che/">Testing a VS Code extension in Che</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../retrieving-che-logs/">Retrieving Che logs</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-kubernetes-events/">Accessing Kubernetes events on OpenShift</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-operator-events/">Viewing the Operator events on OpenShift</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-che-server-logs/">Viewing Che server logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-external-service-logs/">Viewing external service logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-che-workspaces-logs/">Viewing Che workspaces logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../viewing-plug-in-broker-logs/">Viewing Plug-in broker logs</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../collecting-logs-using-chectl/">Collecting logs using chectl</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../monitoring-che/">Monitoring Che</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../tracing-che/">Tracing Che</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../managing-users/">Managing users</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../configuring-authorization/">Configuring authorization</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../removing-user-data/">Removing user data</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../securing-che/">Securing Che</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../authenticating-users/">Authenticating users</a>
</li>
<li class="nav-item is-current-page" data-depth="2">
<a class="nav-link" href="./">Authorizing users</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../backup-and-disaster-recovery/">Backup and disaster recovery</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../external-database-setup/">External database setup</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../persistent-volumes-backups/">Persistent Volumes backups</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../caching-images-for-faster-workspace-start/">Caching images for faster workspace start</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Contributor Guide</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/branding-che-theia/">Branding Che-Theia</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/developing-che-theia-plug-ins/">Developing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/testing-che-theia-plug-ins/">Testing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/publishing-che-theia-plug-ins/">Publishing Che-Theia plug-ins</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-language/">Adding support for a new language</a>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../contributor-guide/adding-support-for-a-new-debugger/">Adding support for a new debugger</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../contributor-guide/che-extensibility-reference/">Che extensibility reference</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/che-extension-points/">Che extension points</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/che-theia-plug-in-api/">Che-Theia plug-in API</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/debug-adapter-protocol/">Debug Adapter Protocol</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../contributor-guide/language-server-protocol/">Language Server Protocol</a>
</li>
</ul>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<button class="nav-item-toggle"></button>
<span class="nav-text">Extensions</span>
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../extensions/eclipse-che4z/">Eclipse Che4z</a>
</li>
<li class="nav-item" data-depth="1">
<button class="nav-item-toggle"></button>
<a class="nav-link" href="../../extensions/openshift-connector-overview/">OpenShift Connector</a>
<ul class="nav-list">
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/features-of-openshift-connector/">Features of OpenShift Connector</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/installing-openshift-connector-in-che/">Installing OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/authenticating-with-openshift-connector-from-che/">Authenticating with OpenShift Connector from Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/creating-components-with-openshift-connector-in-che/">Creating Components with OpenShift Connector in Eclipse Che</a>
</li>
<li class="nav-item" data-depth="2">
<a class="nav-link" href="../../extensions/connecting-source-code-from-github-to-a-openshift-component-using-openshift-connector/">Connecting source code from GitHub to a OpenShift Component</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../extensions/telemetry/">Telemetry</a>
</li>
</ul>
</li>
<li class="nav-item" data-depth="0">
<ul class="nav-list">
<li class="nav-item" data-depth="1">
<a class="nav-link" href="../../glossary/che-glossary/">Che glossary</a>
</li>
</ul>
</li>
</ul>
</nav>
</div>
<div class="nav-panel-explore" data-panel="explore">
<div class="context">
<span class="title">Eclipse Che 7 Documentation</span>
<span class="version">Stable</span>
</div>
<ul class="components">
<li class="component">
<span class="title">devfile</span>
<ul class="versions">
<li class="version is-latest">
<a href="../../../devfile/">master</a>
</li>
</ul>
</li>
<li class="component is-current">
<span class="title">Eclipse Che 7 Documentation</span>
<ul class="versions">
<li class="version is-current is-latest">
<a href="../../overview/introduction-to-eclipse-che/">Stable</a>
</li>
</ul>
</li>
</ul>
</div>
</div>
</aside>
</div>
<main class="article">
<div class="toolbar" role="navigation">
<button class="nav-toggle"></button>
<a href="../../overview/introduction-to-eclipse-che/" class="home-link"></a>
<nav class="breadcrumbs" aria-label="breadcrumbs">
<ul>
<li><a href="../../overview/introduction-to-eclipse-che/">Eclipse Che 7 Documentation</a></li>
<li>Administration Guide</li>
<li><a href="../securing-che/">Securing Che</a></li>
<li><a href="./">Authorizing users</a></li>
</ul>
</nav>
<div class="edit-this-page"><a href="https://github.com/eclipse/che-docs/edit/master/modules/administration-guide/pages/authorizing-users.adoc">Edit this Page</a></div>
</div>
<div class="content">
<article class="doc">
<h1 class="page">Authorizing users</h1>
<div id="preamble">
<div class="sectionbody">
<div class="paragraph">
<p>User authorization in Che is based on the permissions model. Permissions are used to control the allowed actions of users and establish a security model. Every request is verified for the presence of the required permission in the current user subject after it passes authentication. You can control resources managed by Che and allow certain actions by assigning permissions to users.</p>
</div>
<div class="paragraph">
<p>Permissions can be applied to the following entities:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>Workspace</p>
</li>
<li>
<p>System</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>All permissions can be managed using the provided REST API. The APIs are documented using Swagger at <code>+https+://<em><che-host></em>:<em><che-port></em>/swagger/#!/permissions</code>.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="che-workspace-permissions_authorizing-users"><a class="anchor" href="#che-workspace-permissions_authorizing-users"></a>Che workspace permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The user who creates a workspace is the workspace owner. By default, the workspace owner has the following permissions: <code>read</code>, <code>use</code>, <code>run</code>, <code>configure</code>, <code>setPermissions</code>, and <code>delete</code>. Workspace owners can invite users into the workspace and control workspace permissions for other users.</p>
</div>
<div class="paragraph">
<p>The following permissions are associated with workspaces:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 1. Che workspace permissions</caption>
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">read</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows reading the workspace configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">use</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows using a workspace and interacting with it.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">run</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows starting and stopping a workspace.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">configure</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows defining and changing the workspace configuration.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows updating the workspace permissions for other users.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">delete</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows deleting the workspace.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="che-system-permissions_authorizing-users"><a class="anchor" href="#che-system-permissions_authorizing-users"></a>Che system permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Che system permissions control aspects of the whole Che installation. The following permissions are applicable to the system:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<caption class="title">Table 2. Che system permission</caption>
<colgroup>
<col style="width: 50%;">
<col style="width: 50%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Permission</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageSystem</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows control of the system and workspaces.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">setPermissions</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows updating the permissions for users on the system.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">manageUsers</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows creating and managing users.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">monitorSystem</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Allows accessing endpoints used for monitoring the state of the server.</p></td>
</tr>
</tbody>
</table>
<div class="paragraph">
<p>All system permissions are granted to the administrative user who is configured in the <code>CHE_SYSTEM_ADMIN__NAME</code> property (the default is <code>admin</code>). The system permissions are granted when the Che server starts. If the user is not present in the Che user database, it happens after the first user’s login.</p>
</div>
</div>
</div>
<div class="sect1">
<h2 id="managesystem-permission_authorizing-users"><a class="anchor" href="#managesystem-permission_authorizing-users"></a>manageSystem permission</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Users with the <strong>manageSystem</strong> permission have access to the following services:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 33.3333%;">
<col style="width: 33.3333%;">
<col style="width: 33.3334%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Path</th>
<th class="tableblock halign-left valign-top">HTTP Method</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/resource/free/</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get free resource limits.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/resource/free/{accountId}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get free resource limits for the given account.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/resource/free/{accountId}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">POST</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Edit free resource limit for the given account.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/resource/free/{accountId}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">DELETE</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Remove free resource limit for the given account.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/installer/</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">POST</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Add installer to the registry.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/installer/{key}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PUT</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Update installer in the registry.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/installer/{key}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">DELETE</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Remove installer from the registry.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/logger/</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get logging configurations in the Che server.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/logger/{name}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get configurations of logger by its name in the Che server.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/logger/{name}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">PUT</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Create logger in the Che server.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/logger/{name}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">POST</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Edit logger in the Che server.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/resource/{accountId}/details</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get detailed information about resources for the given account.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/system/stop</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">POST</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Shutdown all system services, prepare Che to stop.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="monitorsystem-permission_authorizing-users"><a class="anchor" href="#monitorsystem-permission_authorizing-users"></a>monitorSystem permission</h2>
<div class="sectionbody">
<div class="paragraph">
<p>Users with the <strong>monitorSystem</strong> permission have access to the following services.</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 33.3333%;">
<col style="width: 33.3333%;">
<col style="width: 33.3334%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Path</th>
<th class="tableblock halign-left valign-top">HTTP Method</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/activity</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get workspaces in a certain state for a certain amount of time.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="super-privileged-mode_authorizing-users"><a class="anchor" href="#super-privileged-mode_authorizing-users"></a>super-privileged mode</h2>
<div class="sectionbody">
<div class="paragraph">
<p>The <strong>manageSystem</strong> permission can be extended to provide a <strong>super-privileged</strong> mode. This allows the user to perform advanced actions on any resources managed by the system. A user can read and stop any workspace with the <strong>manageSystem</strong> permission and assign permissions to other users as needed.</p>
</div>
<div class="paragraph">
<p>The <strong>super-privileged</strong> mode is disabled by default. To change to the <strong>super-privileged</strong> mode, set the <code>CHE_SYSTEM_SUPER__PRIVILEGED__MODE</code> environment variable to <code>true</code>. The list of services that are enabled for users with the <strong>manageSystems</strong> permissions and with <strong>super-privileged</strong> mode on:</p>
</div>
<table class="tableblock frame-all grid-all stretch">
<colgroup>
<col style="width: 33.3333%;">
<col style="width: 33.3333%;">
<col style="width: 33.3334%;">
</colgroup>
<thead>
<tr>
<th class="tableblock halign-left valign-top">Path</th>
<th class="tableblock halign-left valign-top">HTTP Method</th>
<th class="tableblock halign-left valign-top">Description</th>
</tr>
</thead>
<tbody>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/workspace/namespace/{namespace:.*}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get all workspaces for the given namespace.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/workspace/{id}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">DELETE</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Stop a workspace.</p></td>
</tr>
<tr>
<td class="tableblock halign-left valign-top"><p class="tableblock">/workspace/\{key:.*}</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">GET</p></td>
<td class="tableblock halign-left valign-top"><p class="tableblock">Get a workspace by key.</p></td>
</tr>
</tbody>
</table>
</div>
</div>
<div class="sect1">
<h2 id="listing-che-permissions_authorizing-users"><a class="anchor" href="#listing-che-permissions_authorizing-users"></a>Listing Che permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>To list Che permissions that apply to a specific <strong>resource</strong>, perform the <code>GET /permissions</code> request.</p>
</div>
<div class="paragraph">
<p>To list the permissions that apply to a <strong>user</strong>, perform the <code>GET /permissions/{domain}</code> request.</p>
</div>
<div class="paragraph">
<p>To list the permissions that apply to <strong>all users</strong>, perform the <code>GET /permissions/{domain}/all</code> request. The user must have <strong>manageSystem</strong> permissions to see this information.</p>
</div>
<div class="paragraph">
<p>The suitable domain values are:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>system</p>
</li>
<li>
<p>organization</p>
</li>
<li>
<p>workspace</p>
</li>
</ul>
</div>
<div class="admonitionblock note">
<table>
<tr>
<td class="icon">
<i class="fa icon-note" title="Note"></i>
</td>
<td class="content">
The domain is optional. If no domain is specified, the API returns all possible permissions for all the domains.
</td>
</tr>
</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="assigning-che-permissions_authorizing-users"><a class="anchor" href="#assigning-che-permissions_authorizing-users"></a>Assigning Che permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>To assign permissions to a resource, perform the <code>POST /permissions</code> request. The suitable domain values are:</p>
</div>
<div class="ulist">
<ul>
<li>
<p>system</p>
</li>
<li>
<p>organization</p>
</li>
<li>
<p>workspace</p>
</li>
</ul>
</div>
<div class="paragraph">
<p>The following is a message body that requests permissions for a user with a <code>userId</code> to a workspace with a <code>workspaceID</code>:</p>
</div>
<div class="listingblock">
<div class="title">Requesting Che user permissions</div>
<div class="content">
<pre class="highlightjs highlight"><code class="language-json hljs" data-lang="json">{
"actions": [
"read",
"use",
"run",
"configure",
"setPermissions"
],
"userId": "userID", <i class="conum" data-value="1"></i><b>(1)</b>
"domainId": "workspace",
"instanceId": "workspaceID" <i class="conum" data-value="2"></i><b>(2)</b>
}</code></pre>
</div>
</div>
<div class="colist arabic">
<table>
<tr>
<td><i class="conum" data-value="1"></i><b>1</b></td>
<td>The <strong>userId</strong> parameter is the ID of the user that has been granted certain permissions.</td>
</tr>
<tr>
<td><i class="conum" data-value="2"></i><b>2</b></td>
<td>The <strong>instanceId</strong> parameter is the ID of the resource that retrieves the permission for all users.</td>
</tr>
</table>
</div>
</div>
</div>
<div class="sect1">
<h2 id="sharing-che-permissions_authorizing-users"><a class="anchor" href="#sharing-che-permissions_authorizing-users"></a>Sharing Che permissions</h2>
<div class="sectionbody">
<div class="paragraph">
<p>A user with <strong>setPermissions</strong> privileges can share a workspace and grant <code>read</code>, <code>use</code>, <code>run</code>, <code>configure</code>, or <code>setPermissions</code> privileges for other users.</p>
</div>
<div class="paragraph">
<div class="title">Procedure</div>
<p>To share workspace permissions:</p>
</div>
<div class="olist arabic">
<ol class="arabic">
<li>
<p>Select a workspace in the user dashboard.</p>
</li>
<li>
<p>Navigate to the <strong>Share</strong> tab and enter the email IDs of the users. Use commas or spaces as separators for multiple emails.</p>
</li>
</ol>
</div>
</div>
</div>
</article>
<aside class="toc sidebar" data-title="Contents" data-levels="2">
<div class="toc-menu"></div>
</aside>
</div>
</main>
</div>
<footer class="footer">
<div><a href="https://www.eclipse.org" target="_blank">Eclipse Foundation</a> |
<a href="https://www.eclipse.org/legal/privacy.php" target="_blank">Privacy Policy</a> |
<a href="https://www.eclipse.org/legal/termsofuse.php" target="_blank">Terms of Use</a> |
<a href="https://www.eclipse.org/legal/epl-2.0/" target="_blank">Eclipse Public License</a> |
<a href="https://www.eclipse.org/legal" target="_blank">Legal Resources</a></div>
</footer>
<script src="../../../_/js/site.js"></script>
<script async src="../../../_/js/vendor/highlight.js"></script>
</body>
</html>