Admin List relies on the configured Authentication Schema to correctly identify the user. On each request, the user is checked against a pre-configured admin list. If the user is on this list, they get all permissions. If they aren’t, they get none. It’s not possible to assign only some rights to a specific user with the Admin List plugin.
Other than a list of admins, it is also possible to specify a list of read-only users.
Those users have permissions on all
list operations, but no other
If a subject is present on both the admin and read-only list, Weaviate will error on startup due to the invalid configuration.
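
The rules above as a small model, added here as an illustration and not taken from Weaviate's code base: it rejects a subject that appears on both lists and resolves each request to all, list-only, or no permissions. The type and function names, the verb strings and the sample subjects are assumptions.

```go
package main

import (
	"errors"
	"fmt"
)

// AdminList mirrors the two lists of the admin_list config section.
type AdminList struct {
	Users         []string
	ReadOnlyUsers []string
}

// Validate rejects a config in which one subject is on both lists,
// the condition the page says makes startup fail.
func (a AdminList) Validate() error {
	admins := make(map[string]bool, len(a.Users))
	for _, u := range a.Users {
		admins[u] = true
	}
	for _, u := range a.ReadOnlyUsers {
		if admins[u] {
			return errors.New("subject on both admin and read-only list: " + u)
		}
	}
	return nil
}

// Allowed: admins get every verb, read-only users only "list"
// (verb names are assumptions), everyone else gets nothing.
func (a AdminList) Allowed(subject, verb string) bool {
	for _, u := range a.Users {
		if u == subject {
			return true
		}
	}
	for _, u := range a.ReadOnlyUsers {
		if u == subject {
			return verb == "list"
		}
	}
	return false
}

func main() {
	cfg := AdminList{ // constructed sample subjects
		Users:         []string{"alice@example.org"},
		ReadOnlyUsers: []string{"bob@example.org"},
	}
	fmt.Println(cfg.Validate(), cfg.Allowed("bob@example.org", "delete"))
}
```
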
Simply configure the admin plugin in the config yaml like so:

```yaml
authorization:
  admin_list:
    enabled: true
    users:
      - placeholder.admin@example.org
      - email@example.com
    read_only_users:
      - firstname.lastname@example.org
```

The above would enable the plugin and make the two users listed under `users`, one of them email@example.com, admins. Additionally, user firstname.lastname@example.org will have read-only permissions.
Note that in the above example, email IDs are used to identify the user. This is not a requirement; in fact, any string can be used. This depends on what you configured in the authentication settings. For example, if you are using Open ID Connect authentication, you could set the
More fine-grained Role-Based Access Control (RBAC) is coming soon. As of now, the only possible distinction is between Admins (CRUD), Read-Only Users and entirely unauthorized users.