Namespace-based authentication/filtering

When users connect to the Temporal UI, I want to be able to restrict the workflows based on the namespace they have access to. How can this be achieved?

Thanks,

Kasi

1 Like

Hey kasal,

This is a great question. While this is not something we support today I will say that it’s high priority for us after V1 is complete. I can’t give you an exact timeline about when it will be ready but I’ve tracked your request so I can update you when it’s ready.

As for achieving this today… I think it would be hard to add this in the existing web without changing a lot of code yourself. I’ve tagged in @Ruslan, who knows the most about web architecture.

This is part of both server and web UI work, since this has to be supported from the server side as well, then supporting authentication and authorization to perform certain tasks based on user/roles.
We will keep you updated after v1 on supporting this, specifically in our blog 🙌

Hi @Ruslan, do you have a link to an update regarding this?

Hi @nadilas, right!

We’ve released Authorizer and ClaimMapper plugin interfaces that allow you to configure such functionality. You can read more on this here: https://docs.temporal.io/docs/server-security#authorization

Here is a default ClaimMapper that implements the interface and provides namespace-level authorization: https://docs.temporal.io/docs/server-security#default-jwt-claimmapper

Lastly, here is how you can enable OIDC auth on the web UI: GitHub - temporalio/web: Temporal Web UI

1 Like
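The two-stage pattern the last reply describes (a claim mapper that turns token permissions into per-namespace roles, then an authorizer that checks the target namespace) can be sketched as below. This is an added example, not part of the thread and not Temporal's own code: the types, the function names `MapClaims` and `Authorize`, and the `namespace:role` permission string format are assumptions made for illustration; the linked server-security docs define the real interfaces.

```go
package main

import (
	"fmt"
	"strings"
)

// Role is a bitmask of what a caller may do in one namespace (hypothetical type).
type Role int

const (
	RoleRead  Role = 1
	RoleWrite Role = 2 | RoleRead
	RoleAdmin Role = 4 | RoleWrite
)

// roleNames lists the only role strings accepted from a token (assumed names).
var roleNames = map[string]Role{"read": RoleRead, "write": RoleWrite, "admin": RoleAdmin}

// MapClaims turns "namespace:role" permission strings (assumed claim format)
// into a per-namespace role table. Malformed or unknown entries are dropped,
// so a bad claim can never grant access.
func MapClaims(permissions []string) map[string]Role {
	out := map[string]Role{}
	for _, p := range permissions {
		ns, name, ok := strings.Cut(p, ":")
		role, known := roleNames[strings.ToLower(name)]
		if !ok || ns == "" || !known {
			continue
		}
		out[ns] |= role
	}
	return out
}

// Authorize is deny-by-default: the caller must hold the required role on the
// exact namespace the request targets. A missing namespace maps to role 0.
func Authorize(claims map[string]Role, namespace string, need Role) bool {
	return namespace != "" && need != 0 && claims[namespace]&need == need
}

func main() {
	// Constructed sample: permissions as they might appear in a decoded token.
	claims := MapClaims([]string{"billing:read", "orders:write", "bogus", ":admin"})
	fmt.Println(Authorize(claims, "billing", RoleRead))  // read granted on billing
	fmt.Println(Authorize(claims, "billing", RoleWrite)) // write not granted on billing
	fmt.Println(Authorize(claims, "orders", RoleRead))   // write implies read
	fmt.Println(Authorize(claims, "payroll", RoleRead))  // namespace absent from token
}
```

The namespace filtering asked about in the original question only holds if this check runs on the server for every API call; hiding namespaces in the UI alone does not restrict access.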