Temporal Web UI options for login/role based access

Hi,

Have a few queries around Temporal Web UI security as below :

  1. Is there any way to have login screen for Temporal Web UI, where username/password can be entered and login using the same? If yes, what is the mechanism of creating users for login…
  2. Also, is there a provision to enable/disable “Terminate Workflow” button or certain other actions in Temporal Web UI to a set of users based on certain roles etc.?

For 1) Temporal web supports OIDC. You can for example set it up via docker env vars
TEMPORAL_AUTH_* key.
Another option is via yaml config, see here.

Will get back to you regarding second question, assuming you are using web ui v2, right?

Ok, will check on point 1. Right now, we are using Web version, but we are open to switch to v2 version. Also, is v2 version published for production setup?

but we are open to switch to v2 version

I think you should consider it. All updates/fixes/new features are going to be added to v2 only from now on. v1 is deprecated in that regard.

v2 dockerhub images (tags): Docker Hub
docker setup example: docker-compose/docker-compose.yml at main · temporalio/docker-compose · GitHub
helm charts have also been updated to use v2.

1 Like

is there a provision to enable/disable “Terminate Workflow” button

v1: GitHub - temporalio/web: Temporal Web UI - TEMPORAL_PERMIT_WRITE_API flag
v2: not yet implemented: [0.9.0] Allow disabling write operations · Issue #425 · temporalio/ui · GitHub

But is there no way to set this flag…based on the logged in user?

I don’t think so currently.

Hi,

@tihomir We tried deploying v2 UI using helm chart but facing issue as below when trying to open detailed view of a workflow :

I have 1.14.0 version of temporal server deployed. Please guide.

GetWorkflowExeutionHistoryInReverse api was added in 1.16.0.

Let me check with web team and get back to you on this as it seems 1.16.0 or later is currently a hard requirement.

Yes, there is a requirement for server version 1.16.0 or later, web team updated the readme here as well as docs (pr: here)
Web v2 uses GetWorkflowExeutionHistoryInReverse as it allows reversing workflow history view.

We are discussing this internally and if there is a decision to lift this requirement or a way to maybe bypass this issue will update here.

Ok…Thanks @tihomir for the update.

@poojabhutada

web team was able to remove this current restriction, see issue here. this should be available in the next ui release.