When RBAC is enabled, the default policy allows full access. Add the following to your <custom_values.yaml> to use a custom policy, or to change the default policy from full access to no access.

Example: Default policy to disallow all capabilities

Note: Using “scope_allow_none” as the default policy ensures that a logged-in user has no capabilities (viewing data or taking actions) in the system. It does not restrict the user from logging in to the Kloudfuse system.

  user-mgmt-service:
    config:
      # # - in built scope types:
      # #   scope_allow_all -- this policy grants admin like access
      # #   scope_viewer_all -- this policy grants viewer access
      # #   scope_allow_none -- this policy denies all capabilities
      # #   
      default_rbac_policy: scope_allow_none

Example: Default policy to provide custom scope

  user-mgmt-service:
    config:
      # # - in built scope types:
      # #   scope_allow_all -- this policy grants admin like access
      # #   scope_viewer_all -- this policy grants viewer access
      # #   scope_allow_none -- this policy denies all capabilities
      # #   
      default_rbac_policy: rbac_viewer_target_namespace

Apply changes

After updating the values.yaml file with the desired configuration, upgrade the kfuse release.
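
Before upgrading, the values file can be checked so that a missing or permissive default policy is caught early. The following is an added example, not part of the Kloudfuse documentation or tooling; the function names, the status labels and the minimal YAML walker (which only handles plain nested mappings like the ones shown above) are assumptions made for illustration.

```python
import re

# Key path from the page's custom_values.yaml examples.
PATH = ("user-mgmt-service", "config", "default_rbac_policy")

def find_value(text, path=PATH):
    """Return the scalar at `path` in a block-style YAML mapping, else None.

    Minimal stdlib walker (assumption: nested mappings indented with spaces,
    no flow syntax or anchors), enough for the values file shown above.
    """
    stack = []  # (indent, key) pairs for the current nesting
    for raw in text.splitlines():
        line = re.sub(r"(^|\s)#.*$", "", raw).rstrip()  # drop comments
        m = re.match(r"^( *)([^#]+?):(?:\s+(.*))?$", line)
        if not m:
            continue
        indent, key = len(m.group(1)), m.group(2).strip()
        while stack and stack[-1][0] >= indent:
            stack.pop()
        stack.append((indent, key))
        if tuple(k for _, k in stack) == tuple(path):
            return (m.group(3) or "").strip().strip("\"'")
    return None

def audit_default_policy(values_text):
    """Return (status, reason) for the default RBAC policy in a values file."""
    policy = find_value(values_text)
    if not policy:
        # Page: with RBAC enabled, the default policy allows full access.
        # Treating an empty string like a missing key is an assumption.
        return ("FAIL", "default_rbac_policy not set: default is full access")
    if policy == "scope_allow_all":
        return ("FAIL", "scope_allow_all grants admin-like access by default")
    if policy == "scope_viewer_all":
        return ("WARN", "scope_viewer_all grants viewer access by default")
    if policy == "scope_allow_none":
        return ("OK", "default policy denies all capabilities")
    return ("REVIEW", f"custom scope {policy!r}: confirm it is defined and minimal")

# Constructed sample input mirroring the page's first example.
SAMPLE = """\
user-mgmt-service:
  config:
    # scope_allow_none -- this policy denies all capabilities
    default_rbac_policy: scope_allow_none
"""

if __name__ == "__main__":
    print(audit_default_policy(SAMPLE))
```
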
