...

    # policy name
    - name: rbac_admin_all
      # Role (one of admin/viewer/editor)
      role: admin
    # using inbuilt scope scope_allow_all
      scope:
        type: scope_allow_all

Scope

A scope defines what data a given user has access to. The Kloudfuse platform has the following inbuilt (reserved) access types.

...

    rbac_configs:
    - group: group_editor_otel_namespace
      policy: rbac_editor_otel_namespace
    - group: group_viewer_target_namespace
      policy: rbac_viewer_target_namespace

...

Adding an RBAC User

With SSO

  • Create a user or add the user to an existing group

        # Group name
        - name: rbac_group_name
          # List of users
          users:
          - id_key: X-Auth-Request-Email
            value: user@company.com
  • Create an RBAC policy or use an existing one

        # policy name
        - name: rbac_policy_name
          # creating a viewer policy
          role: viewer
          # using inbuilt scope all
          scope:
            type: all
  • Create an RBAC config with the group and policy

        rbac_configs:
        ...
        - group: rbac_group_name
          policy: rbac_policy_name

With basic authentication

  • Create a user or add the user to an existing group

        # Group name
        - name: rbac_group_name
          # List of users
          users:
          - id_key: X-Auth-Request-User
            value: my_user_name
  • Create an RBAC policy or use an existing one

        # policy name
        - name: rbac_policy_name
          # creating a viewer policy
          role: viewer
          # using inbuilt scope all
          scope:
            type: all
  • Create an RBAC config with the group and policy

        rbac_configs:
        ...
        - group: rbac_group_name
          policy: rbac_policy_name
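
A review check for the three pieces configured above (groups, policies, and the `rbac_configs` bindings), as an added example that is not Kloudfuse code: it flags bindings that name an undefined group or policy, roles outside admin/viewer/editor, and `id_key` values other than the two shown on this page, then resolves each user's effective role and scope. The function name and the input shape (the YAML already parsed into Python lists) are assumptions, and the sample data is constructed from the snippets above.

```python
# Added example: offline review of RBAC groups, policies and bindings.
ROLES = {"admin", "viewer", "editor"}  # roles named on this page
ID_KEYS = {"X-Auth-Request-Email", "X-Auth-Request-User"}  # id_key values shown on this page


def audit_rbac(groups, policies, rbac_configs):
    """Return (findings, access); access maps (id_key, value) -> {(role, scope type)}."""
    findings, access = [], {}
    group_by_name = {g["name"]: g for g in groups}
    policy_by_name = {p["name"]: p for p in policies}
    for p in policies:
        if p.get("role") not in ROLES:
            findings.append(f"policy {p['name']}: unknown role {p.get('role')!r}")
    for g in groups:
        for u in g.get("users", []):
            if u.get("id_key") not in ID_KEYS:
                findings.append(f"group {g['name']}: unexpected id_key {u.get('id_key')!r}")
    for b in rbac_configs:
        group = group_by_name.get(b["group"])
        policy = policy_by_name.get(b["policy"])
        if group is None:
            findings.append(f"binding references undefined group {b['group']}")
        if policy is None:
            findings.append(f"binding references undefined policy {b['policy']}")
        if group is None or policy is None:
            continue  # nothing to resolve for a dangling binding
        grant = (policy.get("role"), (policy.get("scope") or {}).get("type"))
        for u in group.get("users", []):
            access.setdefault((u.get("id_key"), u.get("value")), set()).add(grant)
    return findings, access


# Constructed sample mirroring the snippets above, plus one deliberately broken binding.
GROUPS = [{"name": "rbac_group_name", "users": [
    {"id_key": "X-Auth-Request-Email", "value": "user@company.com"}]}]
POLICIES = [
    {"name": "rbac_policy_name", "role": "viewer", "scope": {"type": "all"}},
    {"name": "rbac_admin_all", "role": "admin", "scope": {"type": "scope_allow_all"}}]
BINDINGS = [
    {"group": "rbac_group_name", "policy": "rbac_policy_name"},
    {"group": "rbac_group_name", "policy": "rbac_admin_all"},
    {"group": "group_typo", "policy": "rbac_policy_name"}]

if __name__ == "__main__":
    findings, access = audit_rbac(GROUPS, POLICIES, BINDINGS)
    print(*findings, sep="\n")
    for user, grants in sorted(access.items()):
        print(user, sorted(grants))
```

Reviewing the resolved `access` map before applying a change shows which identities end up with an admin grant through group membership.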