By default, Authentication methods (enabled with ANKA_ENABLE_AUTH
) will not use Authorization/permissions and allow any credential to connect to all API endpoints or pages in the UI. In order to enable Authorization, you will need to include specific ENVs in your config:
ANKA_ENABLE_CONTROLLER_AUTHORIZATION
works for both combined and standalone (docker) packages.ANKA_ENABLE_AUTHORIZATION
is only for the standalone (native or docker) registry packages.ANKA_ENABLE_REGISTRY_AUTHORIZATION
is for the combined (controller + registry in one binary) package only.
This feature requires Enterprise Plus. The regular enterprise license automatically adds all permissions to each certificate or token that is used and gives no control over them.
This also requires that you’ve enabled Root Token Authentication, giving you super user access to the controller UI and permissions.
Do not confuse Node Groups with Permission Groups.
Permission Groups
Permission groups are configurable from your Controller’s https://<controller address>/#/permission-groups
page. You can target and add permissions for either the group name or the username (which is different between the various Advanced Security Features we offer).
