Version: latest

Global Project Scope

The Global Project Scope holds a logical grouping of resources that belong to a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.

Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is resourceKey.operation, where resourceKey refers to a resource or the API functionality, and operation refers to the action or activity allowed.

To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.
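The following is an added example, not code from Palette or its documentation: before saving a custom role through Create Role, its `resourceKey.operation` strings can be audited against what the job actually needs. The function names, the lower-case spelling of operations, and the sample role contents are assumptions made for illustration; the operation names and resourceKeys are taken from the tables on this page.

```python
# Operation names are the column headers of the permission tables on this page.
OPERATIONS = {"create", "delete", "get", "list", "update", "import", "publish", "backup", "restore"}
READ_ONLY = {"get", "list"}

# resourceKeys listed on this page for the Cluster Admin role.
CLUSTER_RESOURCE_KEYS = {
    "cloudaccount", "cloudconfig", "cluster", "clusterProfile", "clusterRbac",
    "dnsMapping", "edgehost", "location", "machine", "macro", "packRegistry",
    "privateGateway", "tag", "sshKey",
}

def parse_permission(perm):
    """Split 'resourceKey.operation' into (resourceKey, operation)."""
    resource, sep, operation = perm.strip().rpartition(".")
    operation = operation.lower()  # assumption: operations are compared case-insensitively
    if not sep or not resource or operation not in OPERATIONS:
        raise ValueError(f"not a valid resourceKey.operation string: {perm!r}")
    return resource, operation

def audit_role(granted, required, allowed_keys):
    """Compare a role's grants with what the job needs and report least-privilege gaps."""
    report = {"invalid": [], "out_of_scope": [], "excess_read": [],
              "excess_write": [], "missing": []}
    needed = {parse_permission(p) for p in required}
    seen = set()
    for perm in granted:
        try:
            key = parse_permission(perm)
        except ValueError:
            report["invalid"].append(perm)      # malformed string, never matches anything
            continue
        seen.add(key)
        if key[0] not in allowed_keys:
            report["out_of_scope"].append(perm)  # resourceKey outside the intended role family
        elif key not in needed:
            bucket = "excess_read" if key[1] in READ_ONLY else "excess_write"
            report[bucket].append(perm)
    report["missing"] = sorted(f"{r}.{o}" for r, o in needed - seen)
    return report

# Constructed sample: a role that only needs to view and update clusters.
REQUIRED = ["cluster.get", "cluster.list", "cluster.update"]
GRANTED = ["cluster.get", "cluster.list", "cluster.update", "cluster.delete",
           "sshKey.list", "cloudaccount.create", "audit.get", "cluster-delete"]

if __name__ == "__main__":
    for finding, perms in audit_role(GRANTED, REQUIRED, CLUSTER_RESOURCE_KEYS).items():
        print(f"{finding}: {perms}")
```

Entries under `excess_write` deserve review first, since they allow changes the role's purpose does not call for.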

Below is the predefined list of Roles and Permissions for the Global Project Scope:


App Deployment


| Role Name | Description |
| --- | --- |
| App Deployment Admin | Provides administrative privilege to perform all the App operations on App resources. |
| App Deployment Editor | Allows the user to perform edit operations on an App but not to create or delete an App. |
| App Deployment Viewer | Allows the user to view all the App resources but not to make modifications. |



App Deployment Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
appDeployment
appProfile
cloudaccount
clusterGroup
location
machine
macro
packRegistry
project
sshKey
tag
virtualCloudconfig
virtualCluster

App Profile


| Role Names | Description |
| --- | --- |
| App Profile Admin | Provides administrative privilege to perform all the App operations on App profile resources. |
| App Profile Editor | Allows the user to perform edit operations on App profiles but not to create or delete an App profile. |
| App Profile Viewer | Allows the user to view all the App profile resources but not to modify them. |



App Profile Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
appProfile
macro
packRegistry
project

Project


| Role Names | Description |
| --- | --- |
| Project Admin | The Project Admin role is a closure of all the project operations. It is an administrative privilege for the project resources. |
| Project Editor | The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project. |
| Project Viewer | The Project Viewer is able to view all the resources within a project, but is not privileged to make modifications. |



Project Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
audit
cloudaccount
cloudconfig
cluster
clusterProfile
clusterRbac
dnsMapping
edgehost
location
machine
macro
packRegistry
privateGateway
project
sshKey
tag
workspace

Cluster Profile


The user with these permissions can manage the Cluster Profiles within a project.


| Role Names | Description |
| --- | --- |
| Cluster Profile Admin | Cluster Profile Admin role has admin privileges to all the cluster profile operations. |
| Cluster Profile Editor | Cluster Profile Editor role has privileges to edit and list operations on the cluster profile. |
| Cluster Profile Viewer | Cluster Profile Viewer role has read-only privileges to cluster profiles. |


Cluster Profile Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
clusterProfile
macro
packRegistry
tag


Cluster




| Role Names | Description |
| --- | --- |
| Cluster Admin | A cluster admin in Project scope has all the privileges related to cluster operation. |
| Cluster Editor | A cluster editor in Project scope has the privileges to update, delete, get and list cluster resources. This role is not privileged for cluster creation. |
| Cluster Viewer | A cluster viewer in Project scope has read-only privilege to cluster operations. |


Cluster Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
cloudaccount
cloudconfig
cluster
clusterProfile
clusterRbac
dnsMapping
edgehost
location
machine
macro
packRegistry
privateGateway
tag
sshKey


Cloud Account



| Role Names | Description |
| --- | --- |
| Cluster Account Admin | Administrative access to cloud account operations. |
| Cluster Account Editor | Editor access to cloud account operations. |
| Cluster Account Viewer | A read-only role for cloud account operations. |


Cluster Account Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
cloudaccount

Workspace



| Role Names | Description |
| --- | --- |
| Workspace Admin | Administrator role to workspace operations. |
| Workspace Editor | Editor role to workspace operations. |


Workspace Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
workspace

Virtual Cluster


| Role Names | Description |
| --- | --- |
| Virtual Cluster Admin | Provides administrative privilege to perform all virtual cluster operations on App resources. |
| Virtual Cluster Editor | Allows the user to perform edit operations on a virtual cluster but not to create or delete a virtual cluster. |
| Virtual Cluster Viewer | Allows the user to view all the virtual cluster resources but not to modify them. |



Virtual Cluster Admin


resourceKeys | Operations
Create | Delete | Get | List | Update | Import | Publish | Backup | Restore
clusterGroup
location
macro
project
tag
virtualCloudconfig
virtualCluster