PMM admin user has not permissions to disconnect pmm from portal which complicates the troubleshooting when connection was done not properly.
- Log in to PMM as admin user
- Create portal account and organization
- Connect pmmPMMto the Platform using personal account credentials
Steps to reproduce:
- Login to PMM server as PMM-admin user
- Click on the Disconnect button to disconnect PMM from portal
Disconnect not allowed for pmm-admin users - Failed to get access token. Please sign in using the Percona account.
PMM-admin user has an option for force disconnecting PMM-server from the Platform. This will perform some clean-up for the existing connected PMM and reset the configuration.
Once a PMM server is connected to the platform with a percona account, we should be careful who is allowed to disconnect the PMM server. There is currently a technical limitation that the logged-in user must be a percona account. for clarity we will talk about 2
3 different permissions:
- PMM Role (in PMM: viewer or admin). Physical user. Example: admin/admin = Admin
- Platform Organization Role (in the portal, Org admin, Technical User). Example: [email protected] = Technical User
The following two scenarios should allow a user to sever the connection to the platform in order of what is currently capable:
- The user currently logged into PMM with a Percona Account with the Platform Org Role of Org Admin: Should be able to disconnect PMM from the Portal.
- An administrative override (in the event of being unable to communicate with portal) of PMM Role: Admin should be able to disconnect PMM from Portal. ( this is not currently possible due to the need for a token but we must take into account an organization's inability to get a token but still needing to disconnect. Need to be done together with SAAS-899)
Any user logged in that does not meet 1, 2 should see a text tip describing who and how to disconnect. "You do not have permission to disconnect from the platform. You need to be 1) logged in with a Percona Account and 2) your Percona Account must be granted Organization Admin"
If user uses option (2) - we need to warn them "You need also to disconnect PMM from the Portal at ... [LINK to Portal page ]"
Out of scope:
Portal disconnect flow