User rights and access management relies on role definitions, which identify the user and define the relationship between the user and the resources the user can access or operate. When the built-in roles do not meet your requirements, you can create a custom role for the user based on the actual scenario. The biggest advantage of a custom role is fine-grained management of platform resources: it specifies which permissions the role has on which resources.
You need to create project-admin and ws-admin first; see the Admin Quick Start if you have not done so yet.
Sign in with project-admin, enter a project (e.g. demo-namespace), then select Project Settings → Member Roles.
Click the Create button to create a role, fill in the basic information and set permissions.
For example, we can create a workload-operator role that has only workload operation access.
In the authority settings table, the project admin customizes the authority rules that let a role manipulate platform resources by checking the authority settings the role requires, such as view, create, edit, and scale out/in of the workload.
Note: Delete authority on resources should be granted carefully.
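The check below is an added example, not part of the platform or its documentation: it reviews a role definition before the role is bound to users, flagging delete-type verbs and resources outside the workload scope. It assumes the role can be expressed as Kubernetes RBAC-style rules (resources and verbs); the resource list, both sample roles and the function name audit_role are constructed for illustration.

```python
# Added example: least-privilege review of a custom role definition.
# Assumption: rules follow the Kubernetes RBAC shape (apiGroups/resources/verbs).

# Assumed set of resources a workload-only role is expected to touch.
WORKLOAD_RESOURCES = {
    "deployments", "statefulsets", "daemonsets",
    "deployments/scale", "statefulsets/scale",
}
# Verbs that grant delete authority, directly or through a wildcard.
RISKY_VERBS = {"delete", "deletecollection", "*"}


def audit_role(role, allowed_resources=WORKLOAD_RESOURCES):
    """Return (rule_index, finding_type, value) tuples for a role definition."""
    findings = []
    for index, rule in enumerate(role.get("rules", [])):
        verbs = set(rule.get("verbs", []))
        resources = set(rule.get("resources", []))
        for verb in sorted(verbs & RISKY_VERBS):
            findings.append((index, "risky-verb", verb))
        for resource in sorted(resources - allowed_resources):
            findings.append((index, "out-of-scope-resource", resource))
    return findings


# Constructed sample: view, create, edit and scale on workloads, no delete.
WORKLOAD_OPERATOR = {
    "metadata": {"name": "workload-operator", "namespace": "demo-namespace"},
    "rules": [
        {"apiGroups": ["apps"],
         "resources": ["deployments", "statefulsets", "daemonsets"],
         "verbs": ["get", "list", "watch", "create", "update", "patch"]},
        {"apiGroups": ["apps"],
         "resources": ["deployments/scale", "statefulsets/scale"],
         "verbs": ["get", "update", "patch"]},
    ],
}

# Constructed sample: the same role after delete and a wildcard crept in.
LOOSE_OPERATOR = {
    "metadata": {"name": "workload-operator", "namespace": "demo-namespace"},
    "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"],
         "verbs": ["get", "list", "delete"]},
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["*"]},
    ],
}

if __name__ == "__main__":
    for name, role in (("strict", WORKLOAD_OPERATOR), ("loose", LOOSE_OPERATOR)):
        print(name, audit_role(role))
```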
On the Role List page, click the role (workload-operator) to open the role details page, which shows the current list of role permissions and authorized users.
Click the Edit button to update the description and the authority rules.
Click the Delete button to delete the role. Note that you must first unbind the users associated with the role before deleting it. A role that is in use cannot be deleted.