Skip to content

System Roles

Use cases

AI platform provides predefined system roles to help users simplify the process of role permission usage.

Note

AI platform provides three types of system roles: platform role, workspace role, and folder role.

  • Platform role: has proper permissions for all related resources on the platform. Please go to user/group page for authorization.
  • Workspace role: has proper permissions for a specific workspace. Please go to the specific workspace page for authorization.
  • Folder role: has proper permissions for a specific folder, subfolder, and resources under its workspace. Please go to the specific folder page for authorization.

Platform Roles

Five system roles are predefined in Access Control: Admin, IAM Owner, Audit Owner, Kpanda Owner, and Workspace and Folder Owner. These five roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:

Role Name Role Type Module Role Permissions
Admin System role All Platform administrator, manages all platform resources, represents the highest authority of the platform.
IAM Owner System role Access Control Administrator of Access Control, has all permissions under this service, such as managing users/groups and authorization.
Audit Owner System role Audit Log Administrator of Audit Log, has all permissions under this service, such as setting audit log policies and exporting audit logs.
Kpanda Owner System role Container Management Administrator of Container Management, has all permissions under this service, such as creating/accessing clusters, deploying applications, granting cluster/namespace-related permissions to users/groups.
Workspace and Folder Owner System role Workspace and Folder Administrator of Workspace and Folder, has all permissions under this service, such as creating folders/workspaces, authorizing folder/workspace-related permissions to users/groups.

Workspace Roles

Three system roles are predefined in Access Control: Workspace Admin, Workspace Editor, and Workspace Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:

Role Name Role Type Module Role Permissions
Workspace Admin System role Workspace Administrator of a workspace, with management permission of the workspace.
Workspace Editor System role Workspace Editor of a workspace, with editing permission of the workspace.
Workspace Viewer System role Workspace Viewer of a workspace, with readonly permission of the workspace.

Folder Roles

Three system roles are predefined in Access Control: Folder Admin, Folder Editor, and Folder Viewer. These three roles are created by the system and cannot be modified by users. The proper permissions of each role are as follows:

Role Name Role Type Module Role Permissions
Folder Admin System role Workspace Administrator of a folder and its subfolders/workspaces, with management permission.
Folder Editor System role Workspace Editor of a folder and its subfolders/workspaces, with editing permission.
Folder Viewer System role Workspace Viewer of a folder and its subfolders/workspaces, with readonly permission.