Limit creation of organizations in Quay

Environment

• Red Hat Quay
  • 3.6

Issue

• As an administrator, one wants to limit normal users from creating organizations in Quay and allow only specific users this option.
• Is there a way in the configuration to prevent quay organizations from being created?
• Is there a way to prevent users from being able to create organizations?

Resolution

• Red Hat has proposed a new request to have a FEATURE_ toggle that allows clients to disable Organization-Creation for a normal user.
• Another part of the request is to establish a process where a Super-User scoped token is used to create a new organization on request and setup AD Team Sync for that Organization with a Creator role for that team.
• The feature request can be tracked This content is not included.here and is available in Quay 3.8.

Root Cause

• Due to Compliance requirements company has a very strict User Access Management process in place. So due to Audibility and Traceability, a request for a certain role in any application needs to happen via a formal request and approval process. Usually, this means, that once a granted user is added to a specific AD group due to various mechanisms (like team-sync,...) then he is granted access to the feature/function he requested. This is also linked with a yearly User-Recertification process which checks if a user still requires access, and if not, removes him from the AD group.
• Quay in its current form can't comply with this mandatory process, as one could create their own organization and directly grant access to all the users one wants.

This solution is part of Red Hat’s fast-track publication program, providing a huge library of solutions that Red Hat engineers have created while supporting our customers. To give you the knowledge you need the instant it becomes available, these articles may be presented in a raw and unedited form.