CAS roles for Container Cluster Management
CAS roles for Container Cluster Management
Learn about the Container Cluster Management roles for CAS.
Container Cluster Management roles matrix for specific actions
Container Cluster Management provides support for actions on all Kubernetes Objects within a cluster. To enable the actions, the Tenant Administrator must onboard the action in both the service provider tenant and the client tenant, which requires permissions that are endowed with roles for each action. The following table presents each role and the permissions that are endowed with each:
Kubernetes Object Kind | CCM API Permission | Administrator | Editor | Operator |
|---|---|---|---|---|
Namespace | ccm.kubernetes-namespace.create | ✔ | ✔ | ✔ |
ccm.kubernetes-namespace.delete | ✔ | |||
Pod | ccm.kubernetes-pod.create | ✔ | ✔ | ✔ |
ccm.kubernetes-pod.delete | ✔ | |||
Deployment | ccm.kubernetes-deployment.create | ✔ | ✔ | ✔ |
ccm.kubernetes-deployment.delete | ✔ | |||
ReplicaSet | ccm.kubernetes-replicaset.create | ✔ | ✔ | ✔ |
ccm.kubernetes-replicaset.delete | ✔ | |||
StatefulSet | ccm.kubernetes-statefulset.create | ✔ | ✔ | ✔ |
ccm.kubernetes-statefulset.delete | ✔ | |||
DaemonSet | ccm.kubernetes-daemonset.create | ✔ | ✔ | ✔ |
ccm.kubernetes-daemonset.delete | ✔ | |||
Job | ccm.kubernetes-job.create | ✔ | ✔ | ✔ |
ccm.kubernetes-job.delete | ✔ | |||
CronJob | ccm.kubernetes-cronjob.create | ✔ | ✔ | ✔ |
ccm.kubernetes-cronjob.delete | ✔ | |||
Service | ccm.kubernetes-service.create | ✔ | ✔ | ✔ |
ccm.kubernetes-service.delete | ✔ | |||
Ingress | ccm.kubernetes-ingress.create | ✔ | ✔ | ✔ |
ccm.kubernetes-ingress.delete | ✔ | |||
EndpointSlice | ccm.kubernetes-endpointslice.create | ✔ | ✔ | ✔ |
ccm.kubernetes-endpointslice.delete | ✔ | |||
Endpoint | ccm.kubernetes-endpoint.create | ✔ | ✔ | ✔ |
ccm.kubernetes-endpoint.delete | ✔ | |||
ConfigMap | ccm.kubernetes-configmap.create | ✔ | ✔ | ✔ |
ccm.kubernetes-configmap.delete | ✔ | |||
Secret | ccm.kubernetes-secret.create | ✔ | ✔ | ✔ |
ccm.kubernetes-secret.delete | ✔ | |||
HorizontalPodAutoscaler | ccm.kubernetes-horizontalpodautoscaler.create | ✔ | ✔ | ✔ |
ccm.kubernetes-horizontalpodautoscaler.delete | ✔ | |||
PersistentVolumeClaim | ccm.kubernetes-persistentvolumeclaim.create | ✔ | ✔ | ✔ |
ccm.kubernetes-persistentvolumeclaim.delete | ✔ | |||
PersistentVolume | ccm.kubernetes-persistentvolume.create | ✔ | ✔ | ✔ |
ccm.kubernetes-persistentvolume.delete | ✔ | |||
StorageClass | ccm.kubernetes-storageclass.create | ✔ | ✔ | ✔ |
ccm.kubernetes-storageclass.delete | ✔ | |||
ClusterRole | ccm.kubernetes-clusterrole.create | ✔ | ✔ | ✔ |
ccm.kubernetes-clusterrole.delete | ✔ | |||
Role | ccm.kubernetes-role.create | ✔ | ✔ | ✔ |
ccm.kubernetes-role.delete | ✔ | |||
ClusterRoleBinding | ccm.kubernetes-clusterrolebinding.create | ✔ | ✔ | ✔ |
ccm.kubernetes-clusterrolebinding.delete | ✔ | |||
RoleBinding | ccm.kubernetes-rolebinding.create | ✔ | ✔ | ✔ |
ccm.kubernetes-rolebinding.delete | ✔ | |||
ServiceAccount | ccm.kubernetes-serviceaccount.create | ✔ | ✔ | ✔ |
ccm.kubernetes-serviceaccount.delete | ✔ | |||
ResourceQuota | ccm.kubernetes-resourcequota.create | ✔ | ✔ | ✔ |
ccm.kubernetes-resourcequota.delete | ✔ | |||
LimitRange | ccm.kubernetes-limitrange.create | ✔ | ✔ | ✔ |
ccm.kubernetes-limitrange.delete | ✔ | |||
PodDisruptionBudget | ccm.kubernetes-poddisruptionbudget.create | ✔ | ✔ | ✔ |
ccm.kubernetes-poddisruptionbudget.delete | ✔ | |||
NetworkPolicy | ccm.kubernetes-networkpolicy.create | ✔ | ✔ | ✔ |
ccm.kubernetes-networkpolicy.delete | ✔ | |||
PriorityClass | ccm.kubernetes-priorityclass.create | ✔ | ✔ | ✔ |
ccm.kubernetes-priorityclass.delete | ✔ | |||
CustomResourceDefinition | ccm.kubernetes-customresourcedefinition.create | ✔ | ✔ | ✔ |
ccm.kubernetes-customresourcedefinition.delete | ✔ |
CustomResourceDefinition namespaced objects can be created only if the CustomResourceDefinition resource kind is already present in the Cluster.
For information on assigning roles using Identity Access Management, refer to Assigning roles using IAM
Do you have two minutes for a quick survey?
Take Survey
