Cloud Services

Container Cluster Management

CAS roles for Container Cluster Management
Published On Dec 13, 2024 - 7:43 AM

CAS roles for Container Cluster Management

Learn about the Container Cluster Management roles for CAS.

Container Cluster Management roles matrix for specific actions

Container Cluster Management provides support for actions on all Kubernetes Objects within a cluster. To enable the actions, the Tenant Administrator must onboard the action in both the service provider tenant and the client tenant, which requires permissions that are endowed with roles for each action. The following table presents each role and the permissions that are endowed with each:
Kubernetes Object Kind
CCM API Permission
Administrator
Editor
Operator
Namespace
ccm.kubernetes-namespace.create
ccm.kubernetes-namespace.delete
Pod
ccm.kubernetes-pod.create
ccm.kubernetes-pod.delete
Deployment
ccm.kubernetes-deployment.create
ccm.kubernetes-deployment.delete
ReplicaSet
ccm.kubernetes-replicaset.create
ccm.kubernetes-replicaset.delete
StatefulSet
ccm.kubernetes-statefulset.create
ccm.kubernetes-statefulset.delete
DaemonSet
ccm.kubernetes-daemonset.create
ccm.kubernetes-daemonset.delete
Job
ccm.kubernetes-job.create
ccm.kubernetes-job.delete
CronJob
ccm.kubernetes-cronjob.create
ccm.kubernetes-cronjob.delete
Service
ccm.kubernetes-service.create
ccm.kubernetes-service.delete
Ingress
ccm.kubernetes-ingress.create
ccm.kubernetes-ingress.delete
EndpointSlice
ccm.kubernetes-endpointslice.create
ccm.kubernetes-endpointslice.delete
Endpoint
ccm.kubernetes-endpoint.create
ccm.kubernetes-endpoint.delete
ConfigMap
ccm.kubernetes-configmap.create
ccm.kubernetes-configmap.delete
Secret
ccm.kubernetes-secret.create
ccm.kubernetes-secret.delete
HorizontalPodAutoscaler
ccm.kubernetes-horizontalpodautoscaler.create
ccm.kubernetes-horizontalpodautoscaler.delete
PersistentVolumeClaim
ccm.kubernetes-persistentvolumeclaim.create
ccm.kubernetes-persistentvolumeclaim.delete
PersistentVolume
ccm.kubernetes-persistentvolume.create
ccm.kubernetes-persistentvolume.delete
StorageClass
ccm.kubernetes-storageclass.create
ccm.kubernetes-storageclass.delete
ClusterRole
ccm.kubernetes-clusterrole.create
ccm.kubernetes-clusterrole.delete
Role
ccm.kubernetes-role.create
ccm.kubernetes-role.delete
ClusterRoleBinding
ccm.kubernetes-clusterrolebinding.create
ccm.kubernetes-clusterrolebinding.delete
RoleBinding
ccm.kubernetes-rolebinding.create
ccm.kubernetes-rolebinding.delete
ServiceAccount
ccm.kubernetes-serviceaccount.create
ccm.kubernetes-serviceaccount.delete
ResourceQuota
ccm.kubernetes-resourcequota.create
ccm.kubernetes-resourcequota.delete
LimitRange
ccm.kubernetes-limitrange.create
ccm.kubernetes-limitrange.delete
PodDisruptionBudget
ccm.kubernetes-poddisruptionbudget.create
ccm.kubernetes-poddisruptionbudget.delete
NetworkPolicy
ccm.kubernetes-networkpolicy.create
ccm.kubernetes-networkpolicy.delete
PriorityClass
ccm.kubernetes-priorityclass.create
ccm.kubernetes-priorityclass.delete
CustomResourceDefinition
ccm.kubernetes-customresourcedefinition.create
ccm.kubernetes-customresourcedefinition.delete
CustomResourceDefinition namespaced objects can be created only if the CustomResourceDefinition resource kind is already present in the Cluster.
For information on assigning roles using Identity Access Management, refer to Assigning roles using IAM
Do you have two minutes for a quick survey?
Take Survey