Skill

admin-interface-security

Secure model registry administrative interfaces with authentication (OIDC/OAuth 2.1), RBAC, MFA, and session management. Use when building or reviewing admin access controls.

security

npx claudepluginhub redhatproductsecurity/prodsec-skills --plugin prodsec-skills

Popularity

Stars

Forks

Invocation

How this skill is triggered — by the user, by Claude, or both

Slash command

/prodsec-skills:admin-interface-security

User invocable

Model invocable

Inline context

Default effort

Context Preview

The summary Claude sees in its skill listing — used to decide when to auto-load this skill

If the model registry has an administrative interface, only identified, authenticated, and authorized users MUST be able to connect to it.

SKILL.md

44 lines · ~479 tokens

Similar Skills

model-registry-secure-storage

Enforces authenticated and authorized access to model registry storage with RBAC, encryption, access logging, and network isolation controls.

prodsec-skills

authorization-models

Guides selection and implementation of authorization models including RBAC, ABAC, ACL, ReBAC, and policy-as-code for permission systems and access control design.

3 files4 tools

security

Harness Auth

Detects OAuth2, JWT, RBAC/ABAC, session management, and MFA patterns in codebases. Evaluates auth security against OWASP guidelines and recommends improvements for tokens, permissions, and MFA. Useful for auth flow audits and PR reviews.

1 file

harness-claude

Stats

LanguagePython

Stars28

Forks2

MaintenanceExcellent

Last CommitMay 20, 2026

Actions

View Source View Plugin View on GitHub View README

Help us improve

Share bugs, ideas, or general feedback.

Stats

Actions

Help us improve

Share bugs, ideas, or general feedback.

Model Registry Administrative Interface Security

Security Requirement

If the model registry has an administrative interface, only identified, authenticated, and authorized users MUST be able to connect to it.

Required Controls

Control

Description

Identification

Every admin user must have a unique identity (no shared accounts)

Authentication

Standard authentication mechanism (OIDC/OAuth 2.1 recommended)

Authorization

RBAC or ABAC to control which admin operations each user can perform

Multi-factor authentication

MFA recommended for administrative access

Session management

Short-lived sessions with automatic timeout

Admin Operations to Protect

Operation

Risk

Model upload/publish

Introducing malicious or backdoored models

Model deletion

Removing approved models, causing service disruption

Access control changes

Granting unauthorized users access to models

Configuration changes

Weakening security settings

Registry metadata modification

Altering model provenance information

Implementation Checklist

Require authentication for all administrative access (no anonymous admin)

Integrate with OIDC Identity Provider for admin authentication

Implement RBAC with least-privilege roles for admin operations

Enforce MFA for admin accounts

Use short-lived sessions with automatic timeout

Log all administrative actions with the authenticated user's identity

Restrict admin interface to internal networks or VPN where possible

Disable default/shared admin accounts

Model Registry Administrative Interface Security

Security Requirement

If the model registry has an administrative interface, only identified, authenticated, and authorized users MUST be able to connect to it.

Required Controls

Control	Description
Identification	Every admin user must have a unique identity (no shared accounts)
Authentication	Standard authentication mechanism (OIDC/OAuth 2.1 recommended)
Authorization	RBAC or ABAC to control which admin operations each user can perform
Multi-factor authentication	MFA recommended for administrative access
Session management	Short-lived sessions with automatic timeout

Admin Operations to Protect

Operation	Risk
Model upload/publish	Introducing malicious or backdoored models
Model deletion	Removing approved models, causing service disruption
Access control changes	Granting unauthorized users access to models
Configuration changes	Weakening security settings
Registry metadata modification	Altering model provenance information

Implementation Checklist

Require authentication for all administrative access (no anonymous admin)
Integrate with OIDC Identity Provider for admin authentication
Implement RBAC with least-privilege roles for admin operations
Enforce MFA for admin accounts
Use short-lived sessions with automatic timeout
Log all administrative actions with the authenticated user's identity
Restrict admin interface to internal networks or VPN where possible
Disable default/shared admin accounts

admin-interface-security

Popularity

Invocation

Context Preview

SKILL.md

Similar Skills

Help us improve

Help us improve

Find plugins for your project

admin-interface-security

Popularity

Invocation

Context Preview

SKILL.md

Model Registry Administrative Interface Security

Security Requirement

Required Controls

Admin Operations to Protect

Implementation Checklist

Similar Skills

Help us improve

Model Registry Administrative Interface Security

Security Requirement

Required Controls

Admin Operations to Protect

Implementation Checklist