User and role management
User and role management
User and role management
Learn how to grant appropriate access to your users in accodance with the type of cluster data they need.
Administrators are tasked with managing platform access effectively in the Container Cluster Management Application. To that end, Container Cluster Management uses a role-driven access model. Administrators use an IAM module to enable access to users tailored to their individual operational requirements within the service, which is crucial for enabling appropriate data retrieval.
The following sections provide instructions and other information necessary to grant the appropriate access to your users.
Prerequisites
The only requirement for IAM access is that you must be assigned the Administrator role.
Setting User Access
Users that become Container Cluster Management members can collaborate within the service with different levels of responsibilities based on specific needs and the specific roles assigned to each member. To invite users, complete the following procedure:
- Select the main menu located at the upper left corner to display the navigation menu.
- SelectSettings→Service IAM. The service navigates to the IAM page, enabling the management of user identities and regulation of user access type.
- SelectAdd→Add Users. On the Add Users page, you can configure the email invitation to send to the user. When selecting the invitation advance preferences next to the settings icon, the service provides two drop-down menus to configure the language of the invitation email to send the user and the selection of the Identity Provider.
- Enter the user's or users' email address and choose each user you want to invite. The service allows up to 100 emails per invitation.
- Select the role for the user; currently, one role is supported:Viewer
- Select theAddbutton at the bottom right of the page. A success message will be displayed with the date and time that the invitation was sent.
Though only the View role is valid, users can be assigned what type of data, such as clusters, alerts, and pod logs, they can view. The following section presents the specific view roles that are available.
Container Cluster Management roles
The users with viewer roles will only access clusters as viewers and cannot add or alter any clusters. This role has the following permissions:
- ccm.clusters.view
- ccm.cluster.view
- ccm.clusters-alerts.view
- ccm.geolocation-aggregates.view
- ccm.provider-aggregates.view
- ccm.pod-logs.download
- ccm.cluster-data.view
- ccm.prometheus-alerts.view
- ccm.prometheus-pod-metrics.view
- ccm.prometheus-node-metrics.view
- ccm.prometheus-stats.view
- ccm.discovery-clusters.view
- ccm.cluster-alerts.view
- ccm.custom-views.view
- ccm.custom-views.create
- ccm.custom-views.update
- ccm.custom-views.delete
- ccm.kubernetes-resource-types.view
Container Cluster Management permissions
Container Cluster Management supports the following permissions:
Permission ID | Permission Name | Description |
|---|---|---|
ccm.clusters.view | CCM Clusters View | Allow to view clusters list |
ccm.cluster.view | CCM Cluster View | Allow to view individual cluster details |
ccm.clusters-alerts.view | CCM Clusters Alerts View | Allow to view alerts of all clusters |
ccm.geolocation-aggregates.view | CCM Geolocation Aggregates View | Allow to view cluster geolocation aggregates |
ccm.provider-aggregates.view | CCM Provider Aggregates View | Allow to view cluster provider aggregates |
ccm.pod-logs.download | CCM Pod Logs Download | Allow to download pod logs |
ccm.cluster-data.view | CCM Cluster Data View | Allow to view cluster data |
ccm.prometheus-alerts.view | CCM Prometheus Alerts View | Allow to view cluster alerts |
ccm.prometheus-pod-metrics.view | CCM Prometheus Pod Metrics View | Allow to view cluster pod-metrics |
ccm.prometheus-node-metrics.view | CCM Prometheus Node Metrics View | Allow to view cluster node-metrics |
ccm.prometheus-stats.view | CCM Prometheus Stats View | Allow to view cluster stats |
ccm.discovery-clusters.view | CCM Discovery Clusters View | Allow to view discovery clusters |
ccm.discovery-clusters.create | CCM Discovery Clusters Create | Allow to create discovery clusters |
ccm.discovery-clusters.update | CCM Discovery Clusters Update | Allow to update discovery clusters |
ccm.discovery-clusters.delete | CCM Discovery Clusters Delete | Allow to delete discovery clusters |
ccm.cluster-alerts.view | CCM Cluster Alerts View | Allow to view alerts of a cluster |
ccm.custom-views.view | CCM Custom views View | Allow to view custom views |
ccm.custom-views.create | CCM Custom views Create | Allow to create custom views |
ccm.custom-views.update | CCM Custom views Update | Allow to update custom views |
ccm.custom-views.delete | CCM Custom views Delete | Allow to delete custom views |
ccm.kubernetes-resource-types.view | CCM Kubernetes resource types view | Allow to view Kubernetes resource types list |
Do you have two minutes for a quick survey?
Take Survey
