Group-Based Access Control for Uploads
It would be beneficial to implement a feature allowing users to define groups, where members of these groups can either view or edit specific uploads. This would provide a more flexible way for users to share and manage access to their uploads.
Possible Implementation:
- Group Management in Keycloak
  - While this is possible, it would mean that group management resides outside NOMAD.
- Group Management within NOMAD:
  - Instead of using external systems like Keycloak for group management, integrate group creation and modification directly into the NOMAD application.
  - Each group should have designated roles like 'group_admin' and 'members'.
    - Admins: Can create, edit, and delete the group, add/remove members.
    - Members: Have read/write permissions based on the group settings.
  - Similar to platforms like GitLab, members should be able to leave a group on their own.
- Upload Visibility and Access:
  - By default, an upload should only be visible to the uploader at creation time.
  - While uploading or editing an upload, there should be a dropdown menu allowing users to select which groups or individuals should have access to the specific upload. An upload can be shared with multiple groups.
  - On the main upload page, there should be a clear indication that the upload is visible to a user/group (i.e., through which group membership). If an upload is visible due to multiple group memberships, all relevant groups should be displayed.
- Ideas for the User Interface:
  - On the top right of the NOMAD interface, incorporate a button for users to manage their group memberships.
  - The design and user experience should be intuitive and align with familiar platforms like GitLab, ensuring ease of use and understanding.
Use-Case:
- If multiple groups or projects are using the same NOMAD Oasis deployment, each could have their dedicated shared uploads.
- Before making an AI toolkit publicly available, it could first be shared with a select group of contributors.
Additional Notes:
- It's mentioned that there's another feature request regarding upload visibility (Issue #1691). It might be advantageous to address these features together, ensuring consistent and coherent implementation.
Note: This feature suggestion was inspired by input from @josma and further enhanced by suggestions from @g-michaelgoette based on his use cases.
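
A sketch of the access decision the proposal implies, added here as an illustration and not taken from NOMAD's code base: deny by default, owner always has access, and the result lists every group through which the upload is visible. The class names, the `view`/`edit` levels stored per share, and `resolve_access` are all assumptions made for this example.

```python
from __future__ import annotations
from dataclasses import dataclass, field

RANK = {"view": 1, "edit": 2}  # assumed permission levels, weakest first

@dataclass
class Group:  # hypothetical model, not a NOMAD class
    name: str
    admins: set[str]
    members: set[str] = field(default_factory=set)

    def has(self, user: str) -> bool:
        return user in self.admins or user in self.members

    def leave(self, user: str) -> None:
        # Members can remove themselves without involving a group admin.
        self.members.discard(user)

@dataclass
class Upload:  # hypothetical model, not a NOMAD class
    owner: str
    # Both maps start empty: a new upload is visible to the uploader only.
    group_grants: dict[str, str] = field(default_factory=dict)  # group -> level
    user_grants: dict[str, str] = field(default_factory=dict)   # user -> level

def resolve_access(user: str, upload: Upload, groups: dict[str, Group]):
    """Return (level, via): the strongest level held and every path granting access."""
    if user == upload.owner:
        return "edit", ["owner"]
    paths = []
    if user in upload.user_grants:
        paths.append((upload.user_grants[user], "direct"))
    for name, level in upload.group_grants.items():
        group = groups.get(name)
        # A share pointing at a deleted or unknown group grants nothing.
        if group is not None and group.has(user):
            paths.append((level, f"group:{name}"))
    if not paths:
        return None, []  # deny by default
    best = max((level for level, _ in paths), key=RANK.__getitem__)
    return best, sorted(via for _, via in paths)
```

Because membership is evaluated at request time, leaving a group revokes the access it conferred without any change to the upload itself.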