Skip to content

Tool: Multi-User Permission Management #138

New issue
New issue
Open
Open
Tool: Multi-User Permission Management#138
Labels
blockedThis feature is blocked.enhancementNew feature or requestuser-adminA feature where the end user is a system admin.
@chipkent

Description

@chipkent
chipkent
opened on Dec 15, 2025

Multi-User Permission Management
What's Partially Available:

PQ configuration supports admin_groups and viewer_groups parameters (via make_temporary_config)
Auth client supports uploading keys to ACL server
What's NOT Available in Python APIs:

❌ User/group CRUD operations
❌ Permission assignment/revocation
❌ Role-based access control (RBAC) management
❌ Access control list (ACL) management (beyond key upload)
❌ User/group enumeration
❌ Permission auditing
Rationale: User/group management is typically handled by:

External Identity Providers (LDAP, Active Directory, SAML IdP)
Deephaven Auth Server (configured separately from client APIs)
Administrative UIs (not exposed via Python client API)
What MCP Could Potentially Support:

Setting admin_groups and viewer_groups when creating PQs (if add_query was exposed)
This would require understanding the existing group structure from the identity provider

Metadata

Metadata

Assignees

No one assigned

    Labels

    blockedThis feature is blocked.enhancementNew feature or requestuser-adminA feature where the end user is a system admin.

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions