Adding Users to Projects
If you want to provide a user with access and permissions to specific projects and resources within a cluster, assign the user a project membership.
You can add members to a project as it is created, or add them to an existing project.
Tip: Want to provide a user with access to all projects within a cluster? See Adding Cluster Members instead.
Adding Members to a New Project
You can add members to a project as you create it (recommended if possible). For details on creating a new project, refer to the cluster administration section.
Adding Members to an Existing Project
Following project creation, you can add users as project members so that they can access its resources.
In the upper left corner, click ☰ > Cluster Management.
On the Clusters page, go to the cluster where you want to add members to a project and click Explore.
Click Cluster > Projects/Namespaces.
Go to the project where you want to add members. Next to the Create Namespace button above the project name, click ☰. Select Edit Config.
In the Members tab, click Add.
Search for the user or group that you want to add to the project.
If external authentication is configured:
- Rancher returns users from your external authentication source as you type.
- A drop-down allows you to add groups instead of individual users. The drop-down only lists groups that you, the logged-in user, are included in.
Note: If you are logged in as a local user, external users do not display in your search results.
Assign the user or group Project roles.
Notes:
- Users assigned the Owner or Member role for a project automatically inherit the namespace creation role. However, this role is a Kubernetes ClusterRole, meaning its scope extends to all projects in the cluster. Therefore, users explicitly assigned the Owner or Member role for a project can create or delete namespaces in other projects they’re assigned to, even with only the Read Only role assigned.
- By default, the Rancher role of project-member inherits from the Kubernetes-edit role, and the project-owner role inherits from the Kubernetes-admin role. As such, both project-member and project-owner roles will allow for namespace management, including the ability to create and delete namespaces.
- For Custom roles, you can modify the list of individual roles available for assignment.
  - To add roles to the list, Add a Custom Role.
  - To remove roles from the list, Lock/Unlock Roles.
Result: The chosen users are added to the project.
- To revoke project membership, select the user and click Delete. This action deletes membership, not the user.
- To modify a user’s roles in the project, delete them from the project, and then re-add them with modified roles.
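The first note above can be checked across existing memberships. The following Python is an added example, not part of the Rancher documentation or Rancher's own code: it flags users who hold only Read Only on a project but inherit namespace create/delete there through an Owner or Member role elsewhere in the same cluster. The membership records, their tuple layout, and the user, cluster and project names are constructed for illustration.

```python
from collections import defaultdict

# Project roles that, per the notes above, carry the cluster-scoped
# namespace creation role.
NS_GRANTING_ROLES = {"Owner", "Member"}

# Constructed sample memberships: (user, cluster, project, project role).
# The tuple layout is an assumption made for this example.
SAMPLE_MEMBERSHIPS = [
    ("alice", "c-prod", "payments", "Owner"),
    ("alice", "c-prod", "billing", "Read Only"),
    ("bob", "c-prod", "billing", "Read Only"),
    ("carol", "c-prod", "payments", "Member"),
    ("carol", "c-dev", "sandbox", "Read Only"),   # different cluster: not affected
    ("dave", "c-dev", "sandbox", "Member"),
    ("dave", "c-dev", "tools", "Read Only"),
    ("dave", "c-dev", "tools", "Member"),         # already Member here: not a leak
]


def find_namespace_scope_leaks(memberships):
    """Return sorted (user, cluster, project, via) tuples where a user holds
    only Read Only on `project` but gains namespace create/delete there
    through an Owner or Member role on project `via` in the same cluster."""
    # (user, cluster) -> project -> set of roles held on that project
    roles = defaultdict(lambda: defaultdict(set))
    for user, cluster, project, role in memberships:
        roles[(user, cluster)][project].add(role)

    findings = []
    for (user, cluster), projects in roles.items():
        granting = sorted(p for p, held in projects.items() if held & NS_GRANTING_ROLES)
        if not granting:
            continue  # no Owner/Member role in this cluster, nothing inherited
        for project, held in projects.items():
            if held == {"Read Only"}:
                findings.extend((user, cluster, project, via) for via in granting)
    return sorted(findings)


if __name__ == "__main__":
    for user, cluster, project, via in find_namespace_scope_leaks(SAMPLE_MEMBERSHIPS):
        print(f"{user}: Read Only on {cluster}/{project}, but namespace "
              f"create/delete is inherited via {cluster}/{via}")
```

Each finding is a candidate for review: either the Read Only assignment is stricter than what the user can actually do, or the Owner or Member assignment elsewhere in the cluster is broader than intended.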