The Global Project Scope groups resources logically under a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.
Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is `resourceKey.operation`, where `resourceKey` refers to a resource or the API functionality, and `operation` refers to the action or activity allowed.
To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.
Below is the predefined list of Roles and Permissions for the Global Project Scope:

| Role Names | Description |
|---|---|
| Project Admin | The Project Admin role is a closure of all the project operations. It is an administrative privilege for the project resources. |
| Project Editor | The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project. |
| Project Viewer | The Project Viewer can view all the resources within a project, but is not privileged to make modifications. |


| resourceKey | Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|---|---|---|---|---|---|---|---|---|
| audit | | | √ | √ | | | | | |
| cloudaccount | √ | √ | √ | √ | √ | | | | |
| cloudconfig | √ | √ | √ | √ | √ | | | | |
| cluster | √ | √ | √ | √ | √ | √ | | | |
| clusterProfile | √ | √ | √ | √ | √ | | √ | | |
| clusterRbac | √ | √ | √ | √ | √ | | | | |
| dnsMapping | √ | √ | √ | √ | √ | | | | |
| edgehost | √ | √ | √ | √ | √ | | | | |
| location | √ | √ | √ | √ | √ | | | | |
| machine | √ | √ | √ | √ | √ | | | | |
| macro | √ | √ | √ | √ | √ | | | | |
| packRegistry | | | √ | √ | | | | | |
| privateGateway | √ | √ | √ | √ | √ | | | | |
| project | | | √ | √ | √ | | | | |
| sshKey | √ | √ | √ | √ | √ | | | | |
| workspace | √ | √ | √ | √ | √ | | | √ | √ |

The user with these permissions can manage the Cluster Profiles within a project.

| Role Names | Description |
|---|---|
| Cluster Profile Admin | Cluster Profile Admin role has admin privileges to all the cluster profile operations |
| Cluster Profile Editor | Cluster Profile Editor role has privileges to edit and list operations on the cluster profile |
| Cluster Profile Viewer | Cluster Profile Viewer role has read-only privileges to cluster profiles |


| resourceKey | Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|---|---|---|---|---|---|---|---|---|
| clusterProfile | √ | √ | √ | √ | √ | | √ | | |
| macro | √ | √ | √ | √ | √ | | | | |
| packRegistry | √ | √ | | | | | | | |


| Role Names | Description |
|---|---|
| Cluster Admin | A cluster admin in Project scope has all the privileges related to cluster operation |
| Cluster Editor | A cluster editor in Project scope has the privileges to update, delete, get and list cluster resources. This role is not privileged for cluster creation |
| Cluster Viewer | A cluster viewer in Project scope has read-only privileges to cluster operations |


| resourceKey | Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|---|---|---|---|---|---|---|---|---|
| cloudaccount | | | √ | √ | | | | | |
| cloudconfig | √ | √ | √ | √ | √ | | | | |
| cluster | √ | √ | √ | √ | √ | √ | | | |
| clusterProfile | √ | √ | | | | | | | |
| clusterRbac | √ | √ | √ | √ | √ | | | | |
| dnsMapping | √ | √ | √ | √ | √ | | | | |
| edgehost | √ | √ | √ | √ | √ | | | | |
| location | √ | √ | √ | √ | √ | | | | |
| machine | √ | √ | √ | √ | √ | | | | |
| macro | √ | √ | √ | √ | √ | | | | |
| packRegistry | √ | √ | | | | | | | |
| privateGateway | √ | √ | | | | | | | |
| sshKey | √ | √ | √ | √ | √ | | | | |


| Role Names | Description |
|---|---|
| Cluster Account Admin | Administrative access to cloud account operations |
| Cluster Account Editor | Editor access to cloud account operations |
| Cluster Account Viewer | A read-only role for cloud account operations |


| resourceKey | Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|---|---|---|---|---|---|---|---|---|
| cloudaccount | √ | √ | √ | √ | √ | | | | |


| Role Names | Description |
|---|---|
| Workspace Admin | Administrator role to workspace operations |
| Workspace Editor | Editor role to workspace operations |


| resourceKey | Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
|---|---|---|---|---|---|---|---|---|---|
| workspace | √ | √ | √ | √ | √ | | | √ | √ |
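
The `resourceKey.operation` format described at the top of this page can be used to review a custom role before creating it with the Create Role option. The following is an added example, not Palette's own code: it expands rows copied from the first permission matrix on this page into permission strings and classifies a constructed request against them. The lower-case spelling of operations, the function names, and the request list are assumptions.

```python
import re

OPS = ["Create", "Delete", "Get", "List", "Update",
       "Import", "Publish", "Backup", "Restore"]

# Rows copied from the first permission matrix on this page.
PROJECT_MATRIX = """\
audit | | | √ | √ | | | | | |
cluster | √ | √ | √ | √ | √ | √ | | | |
clusterProfile | √ | √ | √ | √ | √ | | √ | | |
project | | | √ | √ | √ | | | | |
workspace | √ | √ | √ | √ | √ | | | √ | √ |
"""

def expand(matrix):
    """Turn matrix rows into a set of 'resourceKey.operation' strings."""
    perms = set()
    for line in matrix.strip().splitlines():
        cells = [c.strip() for c in line.split("|")]
        if cells[-1] == "":          # empty cell after the trailing pipe
            cells.pop()
        key, marks = cells[0], cells[1:]
        if len(marks) != len(OPS):
            raise ValueError(f"row {key!r}: expected {len(OPS)} cells, got {len(marks)}")
        # Assumption: operations are lower-cased in the permission string.
        perms.update(f"{key}.{op.lower()}" for op, m in zip(OPS, marks) if m == "√")
    return perms

PERM_RE = re.compile(r"^[A-Za-z]+\.(%s)$" % "|".join(op.lower() for op in OPS))

def review(requested, baseline):
    """Classify requested permissions against a baseline set."""
    result = {"malformed": [], "beyond_baseline": [], "within_baseline": []}
    for perm in requested:
        if not PERM_RE.match(perm):
            result["malformed"].append(perm)
        elif perm in baseline:
            result["within_baseline"].append(perm)
        else:
            result["beyond_baseline"].append(perm)
    return result

# Constructed request for a hypothetical custom role.
REQUESTED = ["cluster.get", "cluster.list", "workspace.backup",
             "project.delete", "audit.update", "cluster:delete"]

if __name__ == "__main__":
    print(review(REQUESTED, expand(PROJECT_MATRIX)))
```

Entries reported under `beyond_baseline` are the ones to justify or drop before the role is created.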