Introduction
Role Introduction
The platform's user role management is implemented using Kubernetes RBAC (Role-Based Access Control). This system enables flexible permission configuration by associating roles with users.
A role represents a collection of permissions for operating Kubernetes resources on the platform. These permissions include:
- Creating resources
- Viewing resources
- Updating resources
- Deleting resources
Roles classify and combine permissions for different resources. By assigning roles to users and setting permission scopes, you can quickly grant resource operation permissions.
Permissions can be revoked just as easily by removing roles from users.
A role can have:
- One or more resource types
- One or more operation permissions
- Multiple users assigned to it
For example:
- Role A: Can only view and create projects
- Role B: Can create, view, update, and delete users, projects, and namespaces
System Roles
To meet common permission configuration scenarios, the platform provides the following default system roles. These roles enable flexible access control for platform resources and efficient permission management for users.
Custom Roles
The platform also supports custom roles, which extend the resource access control scenarios it can cover. Custom roles offer several advantages over system roles:
- Flexible permission configuration
- Ability to update role permissions
- Option to delete roles when no longer needed
Exercise caution when updating or deleting custom roles. Deleting a custom role will automatically revoke all permissions granted by that role to bound users.
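Because deleting a custom role revokes its permissions from every bound user, it helps to list those users first. The following is an added example, not the platform's own tooling: it assumes custom roles are stored as Kubernetes ClusterRoles and that bindings were exported with `kubectl get rolebindings,clusterrolebindings -A -o json`. The role, user, and namespace names are constructed.

```python
import json

# Constructed sample, shaped like the output of
# `kubectl get rolebindings,clusterrolebindings -A -o json`.
SAMPLE = json.loads("""
{"items": [
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "alice-project-editor"},
   "roleRef": {"kind": "ClusterRole", "name": "custom-project-editor"},
   "subjects": [{"kind": "User", "name": "alice"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "bob-editor", "namespace": "team-a"},
   "roleRef": {"kind": "ClusterRole", "name": "custom-project-editor"},
   "subjects": [{"kind": "User", "name": "bob"},
                {"kind": "Group", "name": "team-a-devs"}]},
  {"kind": "RoleBinding",
   "metadata": {"name": "carol-view", "namespace": "team-b"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "carol"}]},
  {"kind": "ClusterRoleBinding",
   "metadata": {"name": "orphan"},
   "roleRef": {"kind": "ClusterRole", "name": "custom-project-editor"}}
]}
""")


def affected_subjects(bindings, role_name, role_kind="ClusterRole"):
    """Return sorted (scope, subject kind, subject name, binding name) tuples
    for every subject that loses permissions if the role is deleted."""
    hits = set()
    for b in bindings.get("items", []):
        ref = b.get("roleRef", {})
        if ref.get("kind") != role_kind or ref.get("name") != role_name:
            continue
        # A RoleBinding limits the role to its own namespace;
        # a ClusterRoleBinding grants it across the whole cluster.
        scope = "cluster-wide"
        if b["kind"] == "RoleBinding":
            scope = b["metadata"].get("namespace", "default")
        # A binding may carry no subjects at all; treat that as empty.
        for s in b.get("subjects") or []:
            hits.add((scope, s["kind"], s["name"], b["metadata"]["name"]))
    return sorted(hits)


if __name__ == "__main__":
    for row in affected_subjects(SAMPLE, "custom-project-editor"):
        print(*row, sep="\t")
```

Group subjects appear as a single row, so the real number of affected users can be larger than the row count.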