Hello,
i’m authenticating with OIDC and a local gitlab instance. I’d like to restrict which gitlab users can use grist.
I don’t see an option to do this.
With grafana for example, i can configure “allowed_groups”. I think grist needs this feature also.
This seems related to Self-hosted, single-org & OIDC: default permissions?, and to this Github issue to support the SCIM API for provisioning users: Support SCIM · Issue #870 · gristlabs/grist-core · GitHub.
Grist currently doesn’t support either giving a default permission to all users, or restricting it to users with a certain attribute. Instead, any user who should have access, needs to be added to a team site in “Manage Team” dialog (or can also be added to an individual document), with a suitable role (Viewer/Editor/Owner).
Grist does have an API for adding users, and I believe some organizations have set things up to automate adding users to Grist using that. I don’t have any examples to follow though.