API request failed (403): Action is not authorized with current scopes; requires any of [delete:servers]

JupyterHub
1

I have started to experience problems with Jupyterhub (2.0.2). I understand I now need to define scopes for the roles to be able to do anything. I am admin user as well but when I login, I have only read:servers right. I can’t even see server progress ( “Action is not authorized with current scopes; requires any of [read:servers]”). I have added the code below (with right usernames) to my config.yaml (I am using Helm) but nothing happens. Not sure how can I resolve this. Any help is appreciated. Thanks

# in jupyterhub_config.py

c.JupyterHub.load_roles = [
 {
   'name': 'server-rights',
   'description': 'Allows parties to start and stop user servers',
   'scopes': ['servers'],
   'users': ['alice', 'bob'],
   'services': ['idle-culler'],
   'groups': ['admin-group'],
 }
]
1 Like
2

@melnur Were you able to assign the correct rbac roles? I am unable to see the admin UI despite being an admin user, on the hub I see that be to able to see server progress i need read:server, but what role/user/service/server needs this scope? I am also unable to stop my own running server (I am admin under c.authenticator.admin_users and tried creating a separate role as well). I tried multiple combinations of rbac scope assignments.

  1. I would like all users to : start stop and view their named servers and see their own server spawn progress
  2. would like admin user permissions to work as expected
3

@yashali JupyterHub 3 added a distinct admin-ui scope for access to the admin UI, independent of any actions taken there. For full admin panel permissions, you need admin-ui, list:users, admin:users, admin:servers. Or if you only use the admin UI for managing servers, just admin-ui, list:users, admin:servers.

4

@minrk - is there a place to look up these details? i’m running the current dev helm chart (2.0.1-0.dev.git.5987.h46a632f5) and ran into similar issues where the user logging in cannot see the progress bar. the yaml config file we are using is here: kbhub/config.yaml.j2 at 71bc222d2eecd9d45c32576f1bf1a48384ae533e · atlaskb/kbhub · GitHub . i tried to override admin role, but it complained that i can’t override anything in admin. i tried to comb through the documentation, but didn’t quite find how to add to the yaml config. i’m also fine with switching to 2.0.0 helm chart, if these are very much in the development phase.