View users who are assigned roles within a workspace #4049
Comments
marrobi
changed the title
|
Would be good to get this for the main TRE too, not just a workspace |
|
Thoughts? Should it be Users or Members? On the left menu, or maybe somewhere else. @jonnyry @TonyWildish-BH @tim-allen-ck thoughts? I will try do a PR, as code is written, and people can test and comment as feel fit. |
|
this looks useful, yes. It's a little confusing to put it under 'shared services', since it's not a service, just config information. Is it easy to add an extra section on the left, 'config', where this can go? Eventually, we may want to implement further features, such as allowing the Workspace Owner to allow/disallow certain workspace service templates, and this would then be a great place to put it. |
|
Ah, it's not actually under shared services, that's the React component being confusing... But agree, a section called Configuration or Administration. Wording is another discussion. |
Users makes sense, but looks good. Is this just to view the users or configure them as well? |
|
This PR is to view, we could add configuration options. I just wanted something interesting to give a go with Copilot Workspaces. Was probably 50% AI... |
This would be handy for us. I think users is marginally clearer. |
|
Draft PR above, welcome anybody who is able to test with larger numbers of users/groups than I have in my demo environment. @TonyWildish-BH if/when we get more admin/config settings we can create a separate section. |
TRE Admins and all workspace users should be able to retrieve which users are assigned to a workspace.
This can be done by adding an additional route to
workspaces_shared_router, for example:/api/workspaces/{workspace_id}/users/.The MS Graph API should be used to retrieve roles from the Enterprise Application. This can be done using the call described here - https://learn.microsoft.com/en-us/graph/api/serviceprincipal-list-approleassignedto?view=graph-rest-1.0&tabs=http ,
GET /servicePrincipals(appId='{appId}')/appRoleAssignedToThis needs to appear in the Workspace Swagger docs under a section Users.
The API response should return a list of users, including their name (principalDisplayName), email (derived from another graph call using principalId), and the app roles assigned to the user.
The user interface needs a new section on the left hand menu under Airlock, called Users. This should display a list of users including their name, email and role(s).
The text was updated successfully, but these errors were encountered: