Cluster and Namespace Authorization¶
Container management implements authorization based on global authority management and global user/group management. If you need to grant users the highest authority for container management (can create, manage, and delete all clusters), refer to What are Access Control.
Prerequisites¶
Before authorizing users/groups, complete the following preparations:
-
The user/group to be authorized has been created in the global management, refer to user.
-
Only Kpanda Owner and
Cluster Admin
of the current cluster have Cluster authorization capability. For details, refer to Permission Description. -
only Kpanda Owner ,
Cluster Admin
for the current cluster,NS Admin
of the current namespace has namespace authorization capability.
Cluster Authorization¶
-
After the user logs in to the platform, click Privilege Management under Container Management on the left menu bar, which is located on the Cluster Permissions tab by default.
-
Click the Add Authorization button.
-
On the Add Cluster Permission page, select the target cluster, the user/group to be authorized, and click OK .
Currently, the only cluster role supported is Cluster Admin . For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permissions to add multiple times.
-
Return to the cluster permission management page, and a message appears on the screen: Cluster permission added successfully .
Namespace Authorization¶
-
After the user logs in to the platform, click Permissions under Container Management on the left menu bar, and click the Namespace Permissions tab.
-
Click the Add Authorization button. On the Add Namespace Permission page, select the target cluster, target namespace, and user/group to be authorized, and click OK .
The currently supported namespace roles are NS Admin, NS Editor, and NS Viewer. For details about permissions, refer to Permission Description. If you need to authorize multiple users/groups at the same time, you can click Add User Permission to add multiple times. Click OK to complete the permission authorization.
-
Return to the namespace permission management page, and a message appears on the screen: Cluster permission added successfully .
Tip
If you need to delete or edit permissions later, you can click ┇ on the right side of the list and select Edit or Delete .