RBAC: Using the Admin Tab

New Feature

  • Starting with Release 2.7.2, Kloudfuse manages RBAC through the User Interface. It no longer supports policy configuration at script level.

  • Follow these Upgrade Instructions to fully migrate your existing KloudFuse RBAC configuration to release 2.7.2.

2.7.2.png Use the Admin tab to perform the various RBAC workflows and configurations through the UI:

image-20240822-183640.png
The Admin tab

Manage Users

This section covers topics related to managing users in Kloudfuse.

  • User management actions can be performed only by users with Admin privileges.

  • Kloudfuse fully provisions users on their initial (first) login.

image-20240822-184424.png
User Management interface

To manage users, follow these steps:

  1. Click the Admin tab.

  2. Select User Management from the menu.

  3. The User Management interface appears. It contains the following:

    1. Search bar to locate specific users

    2. List of users, including their Name, Login, Email, and Role.

Proceed to make changes, as described in Assign Roles, Assign Names, and Delete a User.

Assign Roles

There are three possible roles for users: Admin (can change roles and permissions), Editor (can make some changes), and Viewer (can only view data, but cannot make any changes).

By default, Kloudfuse assigns the Editor role to all users. Each organization can configure their own choice of default role for new users.

To change the user’s role, follow these steps:

  1. Hover your pointer over the Role you plan to change.
    Here, we are changing the role of user7, who is currently and Editor.

  2. When the Edit (pencil) icon appears, click on it.

  3. The User Management interface changes to show the detail of the specific user.

  4. In the Role section, click Change Role.

  5. When the Role menu appears, select a new role.
    Here, we are change the role from Editor to Admin.

  6. Click Save.

You should see a notification that Kloudfuse changed the role successfully.

The User Management interface now lists user7 as Admin.

Assign Names

When a user first signs into Kloudfuse, they don’t automatically have their name added to the system.

To assign the name, follow these steps:

  1. Hover your pointer over the role of the user to whom you plan to assign a name.
    Here, we are changing the name of user7.

  2. When the Edit (pencil) icon appears, click on it.

  3. The User Management interface changes to show the detail of the specific user.

  4. In the Name section, click the Edit (pencil) icon.

  5. In the Enter name field, enter the name of the user.

  6. Click Save.

You should see a notification that Kloudfuse changed the name successfully.

The User Management interface now lists user7 as Pippi Longstocking.

Delete a User

Admins can also delete users from the Kloudfuse system.

Follow these theps

  1. Hover your pointer over the role of the user you plan to delete from the system.

  2. When the Delete (trashcan) icon appears, click it.
    Here, we are deleting user15.

  3. Kloudfuse prompts you to confirm deleting a user.
    You can click Delete to confirm, or Cancel to stop deleting the user.

You should see a notification that Kloudfuse deleted the user successfully.

The User Management interface no longer lists user15.

Manage Folders

In Kloudfuse, Folder Management controls access to Dashboards and Alerts.

You can Create a Folder, Update Folder Name, Change Folder Permissions, Add Folder Permissions, Delete Folder Permissions, and Delete Folders.

Using folders, you can also isolate specific dashboards and alerts from being changed by both editors and viewers. See Limit Editor Access.

Create a Folder

  1. Click the Add New Folder button.

  2. The Create Folder interface appears.

  3. In the Create Folder interface, enter the Folder name, and click Create New Folder.
    Here, we create a folder named MyFirstFolder.

  4. Kloudfuse notifies you that you successfully added a new folder.

The new folder now appears in the Folder Management interface.

Update Folder Name

  1. Hover your pointer over the Folder Name that you plan to change.

  2. When the Edit (pencil) icon appears, click on it.

  3. The Update Folder interface appears.

  4. In the Folder Name field, change the name.
    Here, we update the name of the folder to forecast.

  5. Click Update Folder.

Change Folder Permissions

  1. Hover your pointer over the Folder Name field of the folder you plan to change

  2. When the Permission Settings (gear) icon appears, click it.
    Here, we change the permissions for folder forecast.

  3. The Folder Settings of forecast interface appears.
    Folder settings include assignments by Role (these correspond to Grafana roles), by individual User (if present), and by Group (if present).

  4. For example, to give users with Viewer role permissions to change the folder contents, set that permission to Editor.

  5. To add more permissions to the same folder, see Add Folder Permissions.
    To delete permissions, see Delete Folder Permissions.

  6. When you complete adding or changing folder permissions, close the Folder Settings interface.

Add Folder Permissions

  1. To add additional permissions to the folder, click the Add Permission to Folder button in the Folder Settings interface.

  2. The interface shows options for defining the new permission where you can specify the level of the permission (at User, Group, or Role level), search, and choose the permission level (Admin, Edit, View).

     

  3. Here, we grant Edit permissions to the favorite_people group.

  4. Click Save.

  5. Kloudfuse notifies you that you successfully added the group (or user, or role) to the folder.

  6. The Folder Settings interface displays the entity that has new permissions to the folder.
    Here, because favorite_people is the first group with permissions to the folder, the interface has a new Groups section.

  7. When you complete adding or changing folder permissions, close the Folder Settings interface.

Delete Folder Permissions

  1. The Role for Admins is fixed, and you cannot delete it.
    Hover your pointer at the right-hand of the line, and click the Lock icon. Note that nothing happens.

     

  2. You can remove the other two roles, Editor and Viewer.
    Hover your pointer at the right-hand side of the line, and click the Delete (cross) icon.
    In both cases, Kloudfuse notifies you that it successfully removed these roles.

     

  3. Similarly, you can remove the folder permissions for both Users and Groups.

  4. When you finish deleting folder permissions, close the Folder Settings interface.

Delete a Folder

The Folder Management interface provides an option for deleting a folder.

To delete a folder, follow these steps:

  1. Hover your pointer over

  2. When the Delete (trashcan) icon appears, click it.

     

  3. Kloudfuse prompts you to confirm deleting a folder.
    You can click Delete to confirm, or Cancel to stop deleting the folder.

You should see a notification that Kloudfuse deleted the folder successfully.

The Folder Management interface no longer lists My1stFolder.

Limit Editor Access

It is possible for a user with Editor role to create dashboards and alerts that only they and users with Admin role can change. All other users with Edit role can only view these dashboards and alerts.

To accomplish this, follow these steps:

  1. Create a new folder.
    Here, we create the folder Limited Access.
    See Create Folder.

  2. Kloudfuse adds the new folder to the Folder Management interface.

  3. Hover your pointer over the name field of the Limited Access folder, and click the Configuration (gear) icon.

  4. In the Change Settings for Limited Access interface, change the Editor role permissions on the folder to Viewer.

  5. Create new dashboards and alerts in your folder.
    If you move existing dashboards and alerts into the new folder, they keep their own access permissions, and may still be edited by other users with Editor role.

  6. Have another user with Editor role sign into the system, and attempt to open the configuration of the folder.
    They should see an error.

  7. Similarly, when they review Dashboards and Alerts in the Limited Access folder, they cannot edit or delete them.

Manage Groups

This section discusses topics related to managing groups in Kloudfuse.

To manage groups, follow these steps.

  1. Click the Admin tab.

  2. Select Group Management from the menu.

  3. The Group Management interface appears. It contains the following:

    1. Search bar to locate specific groups

    2. Add New Group button

    3. List of existing groups, including the group Name, Email, and the number of Members.

Proceed to make changes, as described in Find a Group, Create a New Group, Assign Group Members, Change a Member’s Permissions, Update Group Email, and Delete a Group.

Find a Group

In large organizations, it may be hard to find an existing group.

Kloudfuse enables easy find through our Search function.

  1. In Group Management, click the Search bar.

  2. Start typing the key word, and Kloudfuse automatically filters the list of potential matches.
    Here, we are looking the group we created in Create a New Group, favorite_people.

  3. When you find the group you plan to change, hover over the Members field, and select the Edit (pencil) icon to start making the planned changes.

Create a New Group

Admin users can create new groups.

To create a new group, follow these steps:

  1. Click the Add New Group button.

  2. The New Group interface appears.

  3. Create a new group by specifying these fields:

    • Name
      Enter the name of the new group.

    • Email
      Enter the email associated with the group.

  4. Click Create.
    Here, we created a new group with name favorite_people, and email heros

     

  5. You should see a notification that Kloudfuse successfully created the new group.

  6. The New Group detail interface appears.

You can assign group members and their permissions, update the group email, or exist.

Assign Group Members

Group members can have one of two roles within the group, an Admin or a Member:

  • Admin
    This member can manage the group.

  • Member
    This member cannot change group parameters or permissions of other members.

To assign members to a group, follow these steps:

  1. Click the Add Member button in the Group Management detail interface for the group you plan to change.
    This could be a new group that you just created, or a group that existed for some time.

  2. The Members section expands so you can select or find an existing user, assign their role withing the group, and review their permissions.

  3. To select a user from the User menu, click the down-arrow, and click on a user in the list.
    Alternatively, search for the user by username, or search …
    You can change the role within the group before adding the user. By default, all users have Member group role; you can change it to Admin.
    Here, we add user7 as Member.

  4. Click Save.

  5. Kloudfuse confirms that you successfully added a new member to the group, and updates the list of members.

  6. Proceed to add more users to the group.
    Notice that the number in the Members field increases with each new member of the group.

Change a Member’s Permission

By default, each new person that you add to a group has a Member permission level. You can easily change the permission to Admin, or change an Admin to Member.

To change the Permission of a group member, follow these steps:

  1. Select the group where you want to make a change.
    If you are struggling to locate the correct group, see Find a Group.

  2. In the Members section of the Group Management detail interface of the group, click the Permission field, and select a different permission.
    Here, we change the permission for user5 from Member to Admin.

     

  3. Kloudfuse notifies you that the permission is successfully updated.

  4. The Members section of the Group Management detail interface shows the changed permission.
    Here, user5 is now an Admin.

Update Group Email

To change the Email of an existing group, follow these steps:

  1. Select the group where you want to make a change.
    If you are struggling to locate the correct group, see Find a Group.

  2. In the Settings section of the Group Management detail interface of the group, click the Email field, and enter a new email.
    Here, we change the email for group favorite_people from heroes@kloudfuse.com to favorites@kloudfuse.com.

Delete a Group

As organizational needs change, we recommend that you delete groups that no longer serve a business need.

To delete a group, follow these steps:

  1. Hover your pointer over the Members field of the group you plan to delete from the system.

  2. When the Delete (trashcan) icon appears, click it.
    Here, we are deleting the group test2.

  3. Kloudfuse prompts you to confirm deleting the group.
    You can click Delete to confirm, or Cancel to stop deleting the group.

You should see a notification that Kloudfuse deleted the group successfully.

The Group Management interface no longer lists the group test2.

Manage Policies

Policies are filters that determine the access that users and group have to various assets and artifacts of their organization.

When a user has multiple policies due to membership in multiple groups, these policy filters apply as a union (in other words, it uses the OR logical operator).

2.7.3.png Users who don’t have an explicitly assigned policy get the default access, specified in Default Policy.

To manage policies, follow these steps:

  1. Click the Admin tab.

  2. Select Policy Management.

  3. The Policy Management interface appears.
    It has the following components:

    • Search bar to locate specific policies

    • List of policies, including the Policy Name, Type, and Scope.

Proceed to make changes, as described in Change a Policy, Add a New Policy, and Delete a Policy.

Change a Policy

To change an existing policy, follow these steps:

  1. Hover Hover your pointer over the Scope field of the policy you plan to change.

  2. When the Edit (pencil) icon appears, click on it.

  3. The Edit Policy interface appears.
    You can change the Name of the policy, its Type, and its Key (the Operator / Value) tuple.
    You can build the key using logical operators, or regex expressions.
    You can also delete the existing key, and add another key as a filter.
    Here, we are changing the namespace_only policy by swapping the operator = (equal) to =~ (regex similar to).

  4. Click Save Policy.

  5. Kloudfuse confirms that you successfully changed the policy.

Note the changes in the policy as it appears on the Policy Management interface.

Add a New Policy

To add a new policy, follow these steps:

  1. In that Admin tab, select Policy Management.

  2. The Policy Management interface appears.
    It has the following components:

    • Search bar to locate specific policies

    • List of policies, including the Policy Name, Type, and Scope.

  3. Click the Add New Policy button.

  4. The Add Policy interface appears.

     

  5. In the interface, specify these fields:

    • Name
      Choose a meaningful and descriptive name for your new policy

    • Type
      The options are Custom (default), All, or None.
      You can build custom policies using the Key/Operator/Value specification.

  6. Here, we specify a custom policy test1 with Key kube_namespace, Operator = (equals), and Value octel.

  7. [Optional] You can use multiple filters to define your custom policies. Click the Add Filter button and proceed.

  8. After you finish defining your new policy, click Save Policy.

Kloudfuse confirms that you successfully created a new policy.

Note that the new policy appears on the Policy Management interface.

Delete a Policy

To delete an existing policy from your RBAC configuration, follow these steps:

  1. Hover your pointer over the Scope field of the policy you plan to delete from the system.

  2. When the Delete (trashcan) icon appears, click it.

  3. Kloudfuse prompts you to confirm deleting the policy.
    You can click Delete to confirm, or Cancel to stop deleting the policy.

You should see a notification that Kloudfuse deleted the policy successfully.

The Group Management interface no longer lists the policy test1.

Manage Policy Configuration

Policy configuration in Kloudfuse consists of assigning existing policies to user groups, or removing this assignment.

This section discusses topics related to managing policy configurations in Kloudfuse.

This section describes how to add or delete a policy configuration.

Add a New Policy Configuration

To add a new policy configuration, follow these steps:

  1. In that Admin tab, select Policy Config Management.

  2. The Policy Config Management interface appears.

  3. Click the Add New Policy Config button.

  4. The interface for creating a new policy configuration appears.

  5. Select an existing Policy and a Group where you plan to apply it.
    Here, we choose to apply the policy rbac_service_only to the group test group.

  6. Click Save.

  7. You should see a notification that Kloudfuse added the new policy configuration successfully.

The new policy configuration now appears in the interface.

Delete a Policy Configuration

To delete a policy configuration, follow these steps:

  1. Hover over the Group Name filed.

  2. When the Delete (trashcan) icon appears, click it.

  3. Kloudfuse prompts you to confirm deleting the policy configuration.
    You can click Delete to confirm, or Cancel to stop deleting the policy configuration.