Project Role and Member Management
This tutorial demonstrates how to manage roles and members in a project. At the project level, you can grant permissions in the following modules to a role:
- Application Workloads
- Storage
- Configurations
- Monitoring & Alerting
- Access Control
- Project Settings
Prerequisites
At least one project has been created, such as demo-project
. Besides, you need a user of the admin
role (for example, project-admin
) at the project level. For more information, see Create Workspaces, Projects, Users and Roles.
Built-in Roles
In Project Roles, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a project is created and they cannot be edited or deleted. You can only view permissions included in a built-in role or assign it to a user.
Built-in Roles | Description |
---|---|
viewer | Project viewer who can view all resources in the project. |
operator | Project operator who can manage resources other than users and roles in the project. |
admin | Project administrator who has full control over all resources in the project. |
To view the permissions that a role contains:
Log in to the console as
project-admin
. In Project Roles, click a role (for example,admin
) to view the role details.Click the Authorized Users tab to check users that have been granted the role.
Create a Project Role
Navigate to Project Roles under Project Settings.
In Project Roles, click Create and set a role name (for example,
project-monitor
). Click Edit Permissions to continue.In the pop-up window, permissions are categorized into different Modules. In this example, select Application Workload Viewing in Application Workloads, and Alerting Message Viewing and Alerting Policy Viewing in Monitoring & Alerting. Click OK to finish creating the role.
Note
Depends on means the major permission (the one listed after Depends on) needs to be selected first so that the affiliated permission can be assigned.
Newly-created roles will be listed in Project Roles. To edit an existing role, click on the right.
Invite a New Member
Navigate to Project Members under Project Settings, and click Invite.
Invite a user to the project by clicking on the right of it and assign a role to it.
After you add the user to the project, click OK. In Project Members, you can see the user in the list.
To edit the role of an existing user or remove the user from the project, click on the right and select the corresponding operation.