RBAC: Configuration

You must configure kfuse to implement RBAC in your deployment. Copy the following code in your <custom_values.yaml> file and make edits as necessary.

The following sections outline the basic steps and provide examples on how to configure various components of RBAC.

To review general concepts, see Role-Based Access Control (RBAC).

Enable RBAC

The default RBAC policy is a fully-enabled RBAC, with full access.

To enable RBAC, add the following code to the <custom_values.yaml> file:

RBACEnabled: true

Default User Role

2.7.2.png The default user role for new users in Kloudfuse is Editor.

rbacDefaultUserRole: Editor

Admins can change this setting in the UI for individual users. See Assign Roles.

To change the default assignment for new users to Viewer, use rbacDefaultUserRole: Viewer in the values.yaml file instead.

Default Policy

2.7.3.png Users who do not have a Policy assigned through the UI get a default level of access, depending on configuration:

default_rbac_policy: rbac_allow_all

To change the default policy for the various roles, change the default_rbac_policy in the values.yaml file.
See Change a Policy to set the policy in the UI.

Related pages