...
| Code Block |
|---|
# user-mgmt-service:
# config:
# # Learn more:
# # - "reserved" built group names (should not to be used):
# # "kf_admin", "kf_reader_all"
# # - in built scope types:
# # scope_allow_all, scope_viewer_all, scope_allow_none
# # - role types:
# # admin, editor, viewer
# #
# groups:
# - name: group_admin
# users:
# - id_key: X-Auth-Request-Email
# value: admin1@company.com
# - name: group_viewer_target_namespace
# users:
# - id_key: X-Auth-Request-Email
# value: op1@company.com
# - name: group_editor_otel_namespace
# users:
# - id_key: X-Auth-Request-User
# value: maintainer2userid
# rbac_policies:
# - name: rbac_viewer_target_namespace
# role: viewer
# scope:
# filters:
# - key: kube_namespace
# op: =
# value: target
# type: custom
# - name: rbac_editor_otel_namespace
# role: editor
# scope:
# filters:
# - key: kube_namespace
# op: =
# value: otel-demo-app
# type: custom
# rbac_configs:
# - group: group_admin
# policy: scope_allow_all
# - group: group_viewer_target_namespace
# policy: rbac_viewer_target_namespace
# - group: group_editor_otel_namespace
# policy: rbac_editor_otel_namespace |
Concepts
Roles & Capabilities
kloudfuse platform has following roles and their capabilities.
...
** Only for user with admin role
...
Role Based Data Access
As part of RBAC implementation, a user can also achieve role based data access (view). To achieve this,
...