Services

Explore Kyndryl Bridge Services

User and role management
Published On Jun 15, 2026 - 1:11 PM

User and role management

Learn how to grant appropriate access to users based on the type of cluster data they need.
Administrators are responsible for managing platform access effectively in Container Cluster Management. To that end, Container Cluster Management uses a role-driven access model. Administrators use an IAM module to grant access to users tailored to their individual operational requirements within the service, which is crucial for enabling appropriate data retrieval.
The following sections provide the instructions and information needed to grant appropriate access to your users.

Prerequisites

To access Service IAM, you must be assigned the Administrator role.

Setting user access

Users who become Container Cluster Management members can collaborate within the service with different levels of responsibility based on specific needs and the roles assigned to each member.
To invite users, complete the following procedure:
  1. Select the main menu in the upper-left corner to display the navigation panel.
  2. Select
    Settings
    , then
    Service IAM
    . The service opens the IAM page, where you can manage user identities and access.
  3. Select
    Add
     and click on
    Add Users
    .
  4. On the
    Add Users
     page, you can configure the email invitation sent to the user. When you select the invitation advanced preferences next to the settings icon, the service provides two drop-down menus to set the email language and select the
    Identity Provider
    .
  5. Enter one or more email addresses and select the users you want to invite. The service allows up to 100 email addresses per invitation.
  6. Select the role for the user. Currently, only the
    Viewer
    role is supported.
  7. Select the
    Add
     button at the bottom-right of the page. A success message displays the date and time the invitation was sent.
Although only the View role is available, users can be assigned the types of data they can access, such as clusters, alerts and pod logs. The following section describes the available view roles.

Container Cluster Management roles

Users with the Viewer role can only access clusters in a read-only mode and cannot add or modify any clusters. This Viewer role allows the following permissions:
  • ccm.clusters.view
  • ccm.cluster.view
  • ccm.clusters-alerts.view
  • ccm.geolocation-aggregates.view
  • ccm.provider-aggregates.view
  • ccm.pod-logs.download
  • ccm.cluster-data.view
  • ccm.prometheus-alerts.view
  • ccm.prometheus-pod-metrics.view
  • ccm.prometheus-node-metrics.view
  • ccm.prometheus-stats.view
  • ccm.discovery-clusters.view
  • ccm.cluster-alerts.view
  • ccm.custom-views.view
  • ccm.custom-views.create
  • ccm.custom-views.update
  • ccm.custom-views.delete
  • ccm.kubernetes-resource-types.view

Container Cluster Management permissions

Container Cluster Management supports the following permissions:
Permission ID
Permission Name
Description
ccm.clusters.view
CCM Clusters View
Allow to view clusters list
ccm.cluster.view
CCM Cluster View
Allow to view individual cluster details
ccm.clusters-alerts.view
CCM Clusters Alerts View
Allow to view alerts of all clusters
ccm.geolocation-aggregates.view
CCM Geolocation Aggregates View
Allow to view cluster geolocation aggregates
ccm.provider-aggregates.view
CCM Provider Aggregates View
Allow to view cluster provider aggregates
ccm.pod-logs.download
CCM Pod Logs Download
Allow to download pod logs
ccm.cluster-data.view
CCM Cluster Data View
Allow to view cluster data
ccm.prometheus-alerts.view
CCM Prometheus Alerts View
Allow to view cluster alerts
ccm.prometheus-pod-metrics.view
CCM Prometheus Pod Metrics View
Allow to view cluster pod-metrics
ccm.prometheus-node-metrics.view
CCM Prometheus Node Metrics View
Allow to view cluster node-metrics
ccm.prometheus-stats.view
CCM Prometheus Stats View
Allow to view cluster stats
ccm.discovery-clusters.view
CCM Discovery Clusters View
Allow to view discovery clusters
ccm.discovery-clusters.create
CCM Discovery Clusters Create
Allow to create discovery clusters
ccm.discovery-clusters.update
CCM Discovery Clusters Update
Allow to update discovery clusters
ccm.discovery-clusters.delete
CCM Discovery Clusters Delete
Allow to delete discovery clusters
ccm.cluster-alerts.view
CCM Cluster Alerts View
Allow to view alerts of a cluster
ccm.custom-views.view
CCM Custom views View
Allow to view custom views
ccm.custom-views.create
CCM Custom views Create
Allow to create custom views
ccm.custom-views.update
CCM Custom views Update
Allow to update custom views
ccm.custom-views.delete
CCM Custom views Delete
Allow to delete custom views
ccm.kubernetes-resource-types.view
CCM Kubernetes resource types view
Allow to view Kubernetes resource types list
Do you have two minutes for a quick survey?
Take Survey