Global Project Scope

The Global Project Scope holds a group of resources, in a logical grouping, to a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.

Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is resourceKey.operation, where resourceKey refers to a resource or the API functionality, and operation refers to the action or activity allowed.

To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.

Below is the predefined list of Roles and Permissions for the Global Project Scope:

App Deployment

---

Role Name	Description
App Deployment Admin	Provides administrative privilege to perform all the App operations on App resources.
App Deployment Editor	Allows the user to perform edit operations on an App but not to create or delete an App.
App Deployment Viewer	Allows the user to view all the App resources but not to make modifications.

App Deployment Admin

App Deployment Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appDeployment	√	√	√	√	√
appProfile			√	√
cloudaccount			√	√
clusterGroup			√	√
location	√	√	√	√	√
machine			√	√
macro	√	√	√	√	√
packRegistry			√	√
project			√	√
sshKey	√	√	√	√	√
tag					√
virtualCloudconfig	√	√	√	√	√
virtualCluster	√	√	√	√	√

App Deployment Editor

App Deployment Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appDeployment			√	√	√
appProfile			√	√
cloudaccount			√	√
clusterGroup			√	√
location			√	√	√
machine			√	√
macro			√	√
packRegistry			√	√
project			√	√
sshKey			√	√	√
tag					√
virtualCloudconfig			√	√	√
virtualCluster			√	√	√

App Deployment Viewer

App Deployment Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appDeployment			√	√
appProfile			√	√
cloudaccount			√	√
clusterGroup			√	√
location			√	√
machine			√	√
macro			√	√
packRegistry			√	√
project			√	√
sshKey			√	√
virtualCloudconfig			√	√
virtualCluster			√	√

App Profile

---

Role Names	Description
App Profile Admin	Provides administrative privilege to perform all the App operations on App profile resources.
App Profile Editor	Allows the user to perform edit operations on App profiles but not to create or delete an App profile.
App Profile Viewer	Allows the user to view all the App profile resources but not to modify them.

App Profile Admin

App Profile Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appProfile	√	√	√	√	√
macro	√	√	√	√	√
packRegistry			√	√
project			√	√

App Profile Editor

App Profile Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appProfile			√	√	√
macro			√	√	√
packRegistry			√	√
project			√	√

App Profile Viewer

App Profile Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
appProfile			√	√
macro			√	√
packRegistry			√	√
project			√	√

Project

---

Role Names	Description
Project Admin	The Project Admin role is a closure of all the project operations. It is a administrative privilege for the project resources
Project Editor	The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project
Project Viewer	The Project Viewer will be able to view all the resources within a project, but not privileged to make modifications

Project Admin

Project Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
audit			√	√
cloudaccount	√	√	√	√	√
cloudconfig	√	√	√	√	√
cluster	√	√	√	√	√	√
clusterProfile	√	√	√	√	√		√
clusterRbac	√	√	√	√	√
dnsMapping	√	√	√	√	√
edgehost	√	√	√	√	√
location	√	√	√	√	√
machine	√	√	√	√	√
macro	√	√	√	√	√
packRegistry			√	√
privateGateway	√	√	√	√	√
project			√	√	√
sshKey	√	√	√	√	√
tag					√
workspace	√	√	√	√	√			√	√

Project Editor

Project Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
audit			√	√
cloudaccount			√	√	√
cloudconfig	√		√	√	√
cluster			√	√	√
clusterProfile			√	√	√		√
clusterRbac			√	√	√
dnsMapping			√	√	√
edgehost			√	√	√
location			√	√	√
machine		√	√	√	√
macro			√	√	√
packRegistry			√	√
privateGateway			√	√	√
project			√	√	√
sshKey			√	√	√
tag					√
workspace			√	√	√			√	√

Project Viewer

Project Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
audit	√				√
cloudaccount	√				√
cloudconfig	√				√
cluster	√				√
clusterProfile	√				√
dnsMapping	√				√
edgehost	√				√
location	√				√
machine	√				√
macro	√				√
packRegistry	√				√
privateGateway	√				√
project	√				√
sshKey	√				√
workspace	√				√

Cluster Profile

---

The user with these permissions can manage the Cluster Profiles within a project.

Role Names	Description
Cluster Profile Admin	Cluster Profile Admin role has admin privileges to all the cluster profile operations
Cluster Profile Editor	Cluster Profile Editor role has privileges to edit and list operations on the cluster profile
Cluster Profile Viewer	Cluster Profile Viewer role has read-only privileges to cluster profiles

Cluster Profile Admin

Cluster Profile Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterProfile	√	√	√	√	√		√
macro	√	√	√	√	√
packRegistry	√	√
tag					√

Cluster Profile Editor

Cluster Profile Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterProfile			√	√	√		√
macro			√	√	√
packRegistry			√	√
tag					√

Cluster Profile Viewer

Cluster Profile Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterProfile			√	√
macro			√	√
packRegistry			√	√

Cluster

---

Role Names	Description
Cluster Admin	A cluster admin in Project scope has all the privileges related to cluster operation
Cluster Editor	A cluster editor in Project scope has the privileges to update, delete,get and list cluster resources. This role is not privileged for cluster creation
Cluster Viewer	A cluster viewer in Project scope is a read-only privilege to cluster operations

Cluster Admin

Cluster Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount			√	√
cloudconfig	√	√	√	√	√
cluster	√	√	√	√	√	√
clusterProfile	√	√
clusterRbac	√	√	√	√	√
dnsMapping	√	√	√	√	√
edgehost	√	√	√	√	√
location	√	√	√	√	√
machine	√	√	√	√	√
macro	√	√	√	√	√
packRegistry	√	√
privateGateway	√	√
tag					√
sshKey	√	√	√	√	√

Cluster Editor

Cluster Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount			√	√
cloudconfig			√	√	√
cluster			√	√	√
clusterProfile			√	√
clusterRbac			√	√	√
dnsMapping			√	√	√
edgehost			√	√	√
location			√	√	√
machine		√	√	√	√
macro			√	√	√
packRegistry			√	√
privateGateway			√	√
tag					√
sshKey			√	√	√

Cluster Viewer

Cluster Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount			√	√
cloudconfig			√	√
cluster			√	√
clusterProfile			√	√
clusterRbac			√	√
dnsMapping			√	√
edgehost			√	√
location			√	√
machine			√	√
macro			√	√
packRegistry			√	√
privateGateway			√	√
sshKey			√	√

Cloud Account

---

Role Names	Description
Cluster Account Admin	An administrative access to cloud account operations
Cluster Account Editor	An editor access to cloud cloud account operations
Cluster Account Viewer	A read-only role for cloud account operations

Cluster Account Admin

Cluster Account Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount	√	√	√	√	√

Cluster Account Editor

Cluster Account Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount			√	√	√

Cluster Account Viewer

Cluster Account Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount			√	√

Workspace

---

Role Names	Description
Workspace Admin	Administrator role to workspace operations
Workspace Editor	Editor role to workspace operations

Workspace Admin

Workspace Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
workspace	√	√	√	√	√			√	√

Workspace Operator

Workspace Operator

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
workspace			√	√				√	√

Virtual Cluster

---

Role Names	Description
Virtual Cluster Admin	Provides administrative privilege to perform all virtual cluster operations on App resources.
Virtual Cluster Editor	Allows the user to perform edit operations on a virtual cluster but not to create or delete a virtual cluster.
Virtual Cluster Viewer	Allows the user to view all the virtual cluster resources but not to modify them.

Virtual Cluster Admin

Virtual Cluster Admin

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterGroup			√	√
location			√	√
macro	√	√	√	√	√
project			√	√
tag					√
virtualCloudconfig	√	√	√	√	√
virtualCluster	√	√	√	√	√

Virtual Cluster Editor

Virtual Cluster Editor

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterGroup			√	√
location			√	√
macro			√	√	√
project			√	√
tag					√
virtualCloudconfig			√	√	√
virtualCluster			√	√	√

App Deployment Viewer

Virtual Cluster Viewer

resourceKeys

Operations

---

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
clusterGroup			√	√
location			√	√
macro			√	√
project			√	√
virtualCloudconfig			√	√
virtualCluster			√	√