I haven't found that much info on JupyterHub Groups, as far as I understand it though, there are two groups "admin", and non-admin. Or, rather, there is perhaps only one group "admin". Perhaps one could add a new group - "dashboard-users", whose users would only be allowed to list/launch already existing dashboards, and not a "normal" server. The UI would then reflect your group belonging, as it does with showing the "Admin" tab already.
However, for starters, I would be perfectly fine with some slightly hacky way to throw an error at the non-techies, if they disregard my instructions and actually click these "My Server".
What I'm thinking right now is to experiment with passing in the user name to the notebook server (Docker container), and then have a hook that checks a hard-coded allowed list of users, e.g. in /usr/local/bin/before-notebook.d
, and if not allowed, refuses to start, somehow... It won't be pretty, but might do for now.
I am following the issue with great interest, and I definitely think it could be a very useful feature for many.
Thank you so much for this project, it's going to improve my quality of life at work, immensely, I'm sure!
I was able to implement a hack to disallow "non-technical" users from launching anything but dashboard servers, by adding a script to /usr/local/bin/before-notebook.d/disallow-non-techies.sh like this:
#!/bin/bash
ALLOWED_NB_USERS=(AxelTLarsson)
function assert_allowed_user() {
if [[ ! " ${ALLOWED_NB_USERS[@]} " =~ " ${GITHUB_USER} " ]]; then
# whatever you want to do when array doesn't contain value
echo "${GITHUB_USER} is not allowed to start a normal notebook server"
exit 1
fi
}
if [ -z ${GITHUB_USER+x} ]; then
# If $GITHUB_USER is not set, we are attempting to start a voila (dashboard) server
# => go ahead
echo "Allowing dashboard start"
else
# If GITHUB_USER is not set, we are starting a normal notebook server, check if that is ok
assert_allowed_user
fi
It's not very pretty, and relies on the presence of $GITHUB_USER to determine if it's launching a normal server or a dashboard. So far, it seems to work alright, but I'm eagerly awaiting any development that will obviate this hack.
In your config add:
c.CDSDashboardsConfig.spawn_allow_group = 'spawners-group'
(or whatever named group you want, it will be created if it doesn't exist)
this group will be the only people allowed to spawn servers or create dashboards.
Alternatively use:
c.CDSDashboardsConfig.spawn_block_group = 'viewers-group'
to specify a list of users who should only be viewers - useful if most new users are developers.