In this task you will complete the following four steps.
- Create new users
- Create a team and add users
- Assign permissions to team
- Deploy containers
- A working UCP installation
- An UCP account with admin rights
In this step you will create the 4 new users shown below.
| Username | Full Name | Default Permissions |
|---|---|---|
| johnfull | John Full | Full Control |
| kerryres | Kerry Restricted | Restricted Control |
| barryview | Barry View | View Only |
| traceyno | Tracey No | No Access |
-
Click Users & Teams from the left navigation pane.
-
Click Create User.
-
Fill out the Create User form with the details provided in the table above. The screenshot below shows the form filled out with the details for the John Full user.
Be sure to make a note of the password that you set for each user. You will need this in future labs.
- Click Create User.
Repeat steps 1-4 for all users in the table above. Be sure to select the appropriate permissions from the Default Permissions dropdown.
Note: The Default Permissions configured in the above step are not the same as the permissions you will set in Step 3. Default Permissions apply to non-labelled resources. The permissions you will set in Step 3 will only apply to resources that are labelled appropriately.
Users can be grouped into teams for simpler management.
This step will walk you through the process of creating a team and adding users to the team.
- Create a team called Engineering by clicking the ** + Create** button shown in the image below.
- Set the TEAM NAME to "Engineering" and make sure TYPE is "Managed".
Managed teams have their accounts and passwords managed by UCP rather than an external LDAP service.
- Make sure the Engineering team is selected and click the Add User to Team button form the Members tab.
- Add all four new users to the team by clicking the Add to Team button next to each of them and then click Done. Do not add yourself (usually "admin") to the team.
All four users are now members of the Engineering team.
Labels are central to permissions in Docker UCP.
In this step you will create a new label and assign the Engineering team "View Only" access to that label. In Step 4 you will start a new container and apply that same label to the container. As a result, members of the Engineering team will have "View Only" access to the container.
- With the Engineering team selected, go to the Permissions tab and click + Add Label.
- Create the following three labels and click Add Label.
| LABEL | PERMISSION |
|---|---|
| view | View Only |
| restricted | Restricted Control |
| run | Full Control |
The labels will now be listed on the Permissions tab of the Engineering team.
In this step you will start a new container with the "view" label. You will also start one or more container without any label.
- Select Containers from the left hand pane, and click + Deploy Container.
- Fill out the Deploy form with the following details and then click Run Container.
Repeat the above steps to deploy one or more containers without any label. Be sure to give each container a unique name.
In the next exercise you will explore the implications of running containers with labels.