Create Platform Roles

This section explains how to create platform roles.

KubeSphere provides the following preset platform roles, and you can also create roles to customize role permissions.

Role | Description
platform-admin | The platform administrator has all permissions on the KubeSphere platform.
platform-regular | A user with this role cannot access any resources before joining a workspace. The role is typically granted to workspace members who do not need other platform permissions.
platform-self-provisioner | Can create workspaces and become the administrator of the workspaces they create.

Prerequisites

You should have the platform-admin role on the KubeSphere platform. For more information, see Users and Platform Roles.

Steps

  1. Log in to the KubeSphere web console as a user who meets the prerequisites above.

  2. Click Users and Roles.

  3. Select Platform Roles from the left navigation pane.

  4. Click Create on the page.

  5. In the Create Platform Role dialog, set the name, alias, and description of the platform role, and then click Edit Permissions.

    Parameter | Description
    Name | Name of the platform role. The name can only contain lowercase letters, numbers, and hyphens (-), must start and end with a lowercase letter or number, and can be up to 63 characters long.
    Alias | Alias of the platform role. The alias can contain Chinese characters, letters, numbers, and hyphens (-). It must not start or end with a hyphen (-) and can be up to 63 characters long.
    Description | Description of the platform role. The description can contain any characters and is limited to 256 characters.

  6. In the Edit Permissions dialog, set the permissions for the platform role, and then click OK.

    Users with the platform-admin role can enable and disable extensions. Other required permissions for platform operations are as follows:

    • Workspace

      Permission | Operations Allowed
      Workspace Creation | Create workspaces and become an administrator of the created projects.
      Workspace Management | Manage all workspaces and resources within workspaces.
      Workspace Viewing | View all workspaces and resources within workspaces.

    • Cluster Management

      Permission | Operations Allowed
      Cluster Management | Create clusters, delete clusters, and manage resources within all clusters.
      Cluster Viewing | View all clusters and cluster resources.

    • Access Control

      Permission | Operations Allowed
      User Viewing | View users.
      Role Viewing | View platform roles.
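
When role definitions are prepared outside the console (for example in a review checklist or provisioning script), the field rules from step 5 can be checked before anyone opens the dialog. The following is an added example, not KubeSphere code: the function name, the reading of "Chinese characters" as the CJK Unified Ideographs block, the treatment of an empty alias as allowed, and the preset-name collision check are assumptions.

```python
import re

# Step 5 name rule: lowercase letters, digits and hyphens, starting and ending
# with a letter or digit, 1 to 63 characters.
NAME_RE = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?")
# Step 5 alias rule. Assumption: "Chinese characters" is taken as the CJK
# Unified Ideographs block and "letters" as ASCII letters.
ALIAS_RE = re.compile(r"[A-Za-z0-9\u4e00-\u9fff-]+")
# Preset roles listed on this page. Assumption: a custom role must not reuse them.
PRESET_ROLES = {"platform-admin", "platform-regular", "platform-self-provisioner"}


def validate_platform_role(name, alias="", description=""):
    """Return a list of rule violations; an empty list means all fields pass."""
    errors = []
    # fullmatch() rejects a trailing newline that "^...$" with match() would accept.
    if not NAME_RE.fullmatch(name):
        errors.append("name: must be 1-63 chars of [a-z0-9-], alphanumeric at both ends")
    elif name in PRESET_ROLES:
        errors.append("name: already used by a preset platform role")
    if alias:  # assumption: an empty alias is allowed
        if len(alias) > 63:
            errors.append("alias: longer than 63 characters")
        if not ALIAS_RE.fullmatch(alias):
            errors.append("alias: only Chinese characters, letters, digits and hyphens")
        elif alias[0] == "-" or alias[-1] == "-":
            errors.append("alias: must not start or end with a hyphen")
    if len(description) > 256:
        errors.append("description: longer than 256 characters")
    return errors


if __name__ == "__main__":
    # Constructed sample inputs, not taken from a real deployment.
    samples = [
        ("cluster-auditor", "集群审计-auditor", "Read-only view of clusters"),
        ("Cluster_Auditor", "-auditor", ""),
        ("platform-admin", "", "x" * 300),
    ]
    for sample in samples:
        print(sample[0], "->", validate_platform_role(*sample) or "ok")
```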