Introduction

Role Introduction

The platform's user role management is implemented using Kubernetes RBAC (Role-Based Access Control). This system enables flexible permission configuration by associating roles with users.

A role represents a collection of permissions for operating Kubernetes resources on the platform. These permissions include:

Creating resources
Viewing resources
Updating resources
Deleting resources

Roles classify and combine permissions for different resources. By assigning roles to users and setting permission scopes, you can quickly grant resource operation permissions.

Permissions can be revoked just as easily by removing roles from users.

A role can have:

One or more resource types
One or more operation permissions
Multiple users assigned to it

For example:

Role A: Can only view and create projects
Role B: Can create, view, update, and delete users, projects, and namespaces

System Roles

To meet common permission configuration scenarios, the platform provides the following default system roles. These roles enable flexible access control for platform resources and efficient permission management for users.

Role Name	Description	Role Level
Platform Administrator	Has full access to all business and resources on the platform	Platform
Platform Auditors	Can view all platform resources and operation records, but has no other permissions	Platform
Cluster Administrator (Alpha)	Manages and maintains cluster resources with full access to all cluster-level resources	Cluster
Project Administrator	Manages namespace administrators and namespace quotas	Project
namespace-admin-system	Manages namespace members and role assignments	Namespace
Developers	Develops, deploys, and maintains custom applications within namespaces	Namespace

Custom Roles

The platform supports custom roles to enhance resource access control scenarios. Custom roles offer several advantages over system roles:

Flexible permission configuration
Ability to update role permissions
Option to delete roles when no longer needed

WARNING

Exercise caution when updating or deleting custom roles. Deleting a custom role will automatically revoke all permissions granted by that role to bound users.

ON THIS PAGE

How to

Architecture

Concepts

Guides

How To

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

Compliance

Install

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Guides

Pre-Application Creation Preparation

Creating Applications

Creating Workloads

Actions You Can Take After Creating an Application

Configuring Network

Using Services

Using Ingresses

Using Gateways and Route Rules

Using LoadBalancers

Operation and Maintenance

Catalog

Pod and Container

Pod

Container

How To

Concepts

Guides

How To

Install

Guides

How To

Concepts

Guides

Argo CD Concept

Alauda Container Platform GitOps Concepts

Creating GitOps Application

GitOps Observability

Architecture

Guides

How To