User Personas and Feature Flags

Info

Feature Flags are only available on SOCA 25.8.0 and newer

Feature Flags are tools that allow you to manage access control for web interfaces and APIs at the individual user level (including controlling what options users can see in the vertical menu). One of the key benefits is that Feature Flags can be modified (turned on/off or updated) in real-time while your SOCA system is running, without requiring any system restart.

Feature Flags for the Web Interface can be configured with the following settings:

  • enabled (boolean): Set to False to fully disable a feature for everyone, regardless of user lists.
  • allowed_users (list):
      • If enabled: true and allowed_users is empty, all users are allowed unless explicitly denied.
      • If enabled: true and allowed_users is not empty, only those users are allowed unless explicitly denied.
  • denied_users (list): List of users that cannot access the APIs or views.

Other Feature Flags can only be enabled or disabled.

Feature Flag at deployment time

Feature Flags are available in default_config.yml. You can choose to enable or disable them during the SOCA installation:

# Enable/Disable specific Web APIs and Views.
# Feature can be enabled/disabled post-deployment via `socactl`
# List of allowed/denied users can also be managed post-deployment via `socactl`
feature_flags:
  WebInterface:
    VirtualDesktops: true # stable
    TargetNodes: true  # stable
    LoginNodes: true # stable
    Hpc: true # stable
    FileBrowser: true # stable
    UsersGroupsManagement: true # stable
    MyApiKeyManagement: true  # stable
    SftpInstructions: true # stable
    MyAccountManagement: true  # stable
    AnalyticsCostManagement: true  # stable
    ContainersManagement: true # feature in preview

You can also manage them post-deployment. See the section below for more information.

Control Feature Flags

You can update your feature flags post-deployment with the socactl command-line utility, under the /configuration/FeatureFlags hierarchy tree:

# Allow Virtual Desktop APIs and Views for everyone
./socactl config set --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops" \
  --value "{'enabled': True, 'allowed_users': [], 'denied_users': []}"

# Retrieve Feature Flag value 
./socactl config get --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops"
{'enabled': True, 'allowed_users': '[]', 'denied_users': '[]'}

# Disable Feature Flag (Virtual Desktops) for everyone
./socactl config set --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops" \
   --value "{'enabled': False, 'allowed_users': [], 'denied_users': []}"

# Allow Feature Flag (Virtual Desktops) only for user1
./socactl config set --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops" \
   --value "{'enabled': True, 'allowed_users': ['user1'], 'denied_users': []}"

# Allow Feature Flag (Virtual Desktops) for everyone but user1
./socactl config set --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops" \
  --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"

Important

Make sure to restart the SOCA Web Interface (socawebui.sh stop, then socawebui.sh start) for changes to take effect.

Examples

Commands:

./socactl config set --key "/configuration/FeatureFlags/WebInterface/VirtualDesktops" --value "{'enabled': True, 'allowed_users': [], 'denied_users': []}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/TargetNodes" --value "{'enabled': True, 'allowed_users': [], 'denied_users': []}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/LoginNodes" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/Hpc" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/UsersGroupsManagement" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/MyApiKeyManagement" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/MyAccountManagement" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./socactl config set --key "/configuration/FeatureFlags/WebInterface/AnalyticsCostManagement" --value "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}"
./web_interface/socawebui.sh stop
./web_interface/socawebui.sh start

User        Permissions
user1       Virtual Desktops - Target Nodes - Containers and My Files
user2       All Permissions, no Admin
socaadmin   All permissions, including Admin
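
The allow/deny rules described on this page, applied to two values from the Examples commands. This is an added example, not SOCA's own code: the function names are hypothetical, and reading the value as a Python literal is an assumption based on the `--value` strings shown above. It also rejects malformed values (for instance an unterminated quote) before they would be passed to `socactl config set`.

```python
import ast

def parse_flag(value):
    """Parse a WebInterface flag written as a Python dict literal (the --value form)."""
    try:
        flag = ast.literal_eval(value)  # literals only, never executes code
    except (SyntaxError, ValueError) as exc:
        raise ValueError(f"malformed flag value: {value!r}") from exc
    if not isinstance(flag, dict) or not isinstance(flag.get("enabled"), bool):
        raise ValueError("flag must be a dict with a boolean 'enabled'")
    parsed = {"enabled": flag["enabled"]}
    for key in ("allowed_users", "denied_users"):
        users = flag.get(key, [])
        if isinstance(users, str):  # the `config get` output on this page shows lists as '[]'
            try:
                users = ast.literal_eval(users)
            except (SyntaxError, ValueError) as exc:
                raise ValueError(f"{key} is not a list literal") from exc
        if not isinstance(users, list) or not all(isinstance(u, str) for u in users):
            raise ValueError(f"{key} must be a list of user names")
        parsed[key] = users
    return parsed

def is_allowed(flag, user):
    """Apply the documented rules; an explicit deny always wins."""
    if not flag["enabled"]:
        return False  # disabled for everyone, user lists are ignored
    if user in flag["denied_users"]:
        return False  # "unless explicitly denied"
    # An empty allow list means everyone; otherwise only the listed users.
    return not flag["allowed_users"] or user in flag["allowed_users"]

# Two values copied from the Examples commands on this page.
EXAMPLE_FLAGS = {
    "VirtualDesktops": "{'enabled': True, 'allowed_users': [], 'denied_users': []}",
    "LoginNodes": "{'enabled': True, 'allowed_users': [], 'denied_users': ['user1']}",
}

def visible_features(user, raw_flags=EXAMPLE_FLAGS):
    """Return the feature names the user may access, in flag order."""
    return [name for name, raw in raw_flags.items()
            if is_allowed(parse_flag(raw), user)]

if __name__ == "__main__":
    for user in ("user1", "user2"):
        print(user, visible_features(user))
```

Running the parser over a value before applying it is a cheap way to avoid storing a flag whose user lists cannot be read back.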