Group artifact access

[ozarkblue]

Hi,
Would anyone provide some details of how this artifact group access works pls?

I see this option in Admin login in Registry but while I turned this on I didn't see much affect in developer access(ad-developer) mode.
Also not sure what it means by Group owner(creator) can access only. As while trying to upload a new artifact with UI console I as sr-developer access can give a new Group ID that it creates and upload the artifact.
Not sure if I'm missing anything.
Is there any ENV variable to setup for the same as well to make it work?

My Qn is : How to make this feature work and how to add different user to the group access of artifact so that all those users have edit access to all the artifacts in that particular group.

Also what it meant by 'When selected, Service Registry allows only the artifact group owner (creator) to modify an artifact '?
What information to modify for the group and who is considered the owner here ? As there is no separate group creation option in UI.

We have use-case where we need to provide edit access to a team of users to a set of artifact ,not individual, as associate moves across teams all the time ,also leaving Org could end up others not having access to artifacts.

[EricWittmann]

Thanks for the question. Right now we don't have fine-grained RBAC controls at the group level. In other words, there is no way to assign a set of users access to a group (or to an artifact, for that matter). What we do have currently is the feature you have indicated. What it does is limit the creation of new artifacts within a group to the user who first created that group.

So if UserA is the first user to create an artifact in GroupB, then only UserA will be able to create additional artifacts in GroupB. Any other user will be prevented from doing so.

[EricWittmann]

Note: we would like to eventually support fine grained controls as you've described, but that is not yet implemented.

[jadedfire]

So how does a development team work together? People go on vacation, or otherwise become unavailable.

[EricWittmann]

Well typically content is registered in the registry as part of a CI/CD process, so dev team collaboration can happen externally to the registry.

Absent that workflow, I've seen teams create a shared service account. It's definitely not ideal, though.