On our docker cluster, we use volumes based on NFSv3 shares. Because of NFSv3, we can’t manage access permissions by users authentification or IP. So one workaround would be that admins create volumes and assigned them to a collection. Then users can attach volumes on their stack based on collection Grants and Roles.
Unfortunately, Create and Attach are bind in the same permission (aka Volume Create/Attach). So my feature request would be to split this permission in two separate permission ?