Global Project Scope

The Global Project Scope holds a logical grouping of resources that belong to a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.

Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is resourceKey.operation, where resourceKey refers to a resource or the API functionality, and operation refers to the action or activity allowed.

To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.
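Before creating a custom role, it helps to lint its permission list against what its users actually need. The sketch below is an added example, not Palette's own code: it parses `resourceKey.operation` entries, validates them against the resourceKeys and operations listed on this page, and reports grants beyond the stated need. It assumes operations compare case-insensitively and that only Get and List are read-only; the function names and the sample role are constructed.

```python
# Added example: lint a custom role's permission list before creating it.
RESOURCE_KEYS = {
    "audit", "cloudaccount", "cloudconfig", "cluster", "clusterProfile",
    "clusterRbac", "dnsMapping", "edgehost", "location", "machine", "macro",
    "packRegistry", "privateGateway", "project", "sshKey", "workspace",
}
OPERATIONS = {"create", "delete", "get", "list", "update",  # compared lower-cased
              "import", "publish", "backup", "restore"}     # (assumption)
READ_ONLY = {"get", "list"}  # assumption: every other operation changes state


def parse_permission(entry):
    """Split 'resourceKey.operation' and validate both halves."""
    key, sep, op = entry.strip().partition(".")
    if not sep or not key or not op or "." in op:
        raise ValueError(f"malformed permission: {entry!r}")
    if key not in RESOURCE_KEYS:
        raise ValueError(f"unknown resourceKey: {key!r}")
    if op.lower() not in OPERATIONS:
        raise ValueError(f"unknown operation: {op!r}")
    return key, op.lower()


def review_role(granted, required):
    """Compare what a role grants with what its users actually need."""
    report = {"invalid": [], "excess": [], "excess_write": [], "missing": []}
    parsed = set()
    for entry in granted:
        try:
            parsed.add(parse_permission(entry))
        except ValueError as exc:
            report["invalid"].append(str(exc))
    needed = {parse_permission(e) for e in required}
    for key, op in sorted(parsed - needed):
        bucket = "excess" if op in READ_ONLY else "excess_write"
        report[bucket].append(f"{key}.{op}")
    report["missing"] = [f"{k}.{o}" for k, o in sorted(needed - parsed)]
    return report


# Constructed sample: a role meant only to read clusters and their profiles.
REQUIRED = ["cluster.get", "cluster.list", "clusterProfile.get", "clusterProfile.list"]
GRANTED = ["cluster.get", "cluster.list", "cluster.delete", "clusterProfile.get",
           "sshKey.list", "cluster", "secrets.get"]

if __name__ == "__main__":
    for section, items in review_role(GRANTED, REQUIRED).items():
        print(section, items)
```

Entries reported under `excess_write` are the ones to remove or justify first, since they let the role change state it was never meant to touch.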

Below is the predefined list of Roles and Permissions for the Global Project Scope:


Project


| Role Names | Description |
| --- | --- |
| Project Admin | The Project Admin role is a closure of all the project operations. It is an administrative privilege for the project resources. |
| Project Editor | The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project. |
| Project Viewer | The Project Viewer is able to view all the resources within a project, but is not privileged to make modifications. |



Project Admin


Operations: Create, Delete, Get, List, Update, Import, Publish, Backup, Restore

resourceKeys:
audit
cloudaccount
cloudconfig
cluster
clusterProfile
clusterRbac
dnsMapping
edgehost
location
machine
macro
packRegistry
privateGateway
project
sshKey
workspace

Cluster Profile


The user with these permissions can manage the Cluster Profiles within a project.


| Role Names | Description |
| --- | --- |
| Cluster Profile Admin | Cluster Profile Admin role has admin privileges to all the cluster profile operations. |
| Cluster Profile Editor | Cluster Profile Editor role has privileges to edit and list operations on the cluster profile. |
| Cluster Profile Viewer | Cluster Profile Viewer role has read-only privileges to cluster profiles. |


Cluster Profile Admin


Operations: Create, Delete, Get, List, Update, Import, Publish, Backup, Restore

resourceKeys:
clusterProfile
macro
packRegistry


Cluster




| Role Names | Description |
| --- | --- |
| Cluster Admin | A cluster admin in Project scope has all the privileges related to cluster operation. |
| Cluster Editor | A cluster editor in Project scope has the privileges to update, delete, get, and list cluster resources. This role is not privileged for cluster creation. |
| Cluster Viewer | A cluster viewer in Project scope has read-only privileges to cluster operations. |


Cluster Admin


Operations: Create, Delete, Get, List, Update, Import, Publish, Backup, Restore

resourceKeys:
cloudaccount
cloudconfig
cluster
clusterProfile
clusterRbac
dnsMapping
edgehost
location
machine
macro
packRegistry
privateGateway
sshKey


Cloud Account



| Role Names | Description |
| --- | --- |
| Cluster Account Admin | Administrative access to cloud account operations. |
| Cluster Account Editor | Editor access to cloud account operations. |
| Cluster Account Viewer | A read-only role for cloud account operations. |


Cluster Account Admin


Operations: Create, Delete, Get, List, Update, Import, Publish, Backup, Restore

resourceKeys:
cloudaccount

Workspace



| Role Names | Description |
| --- | --- |
| Workspace Admin | Administrator role to workspace operations. |
| Workspace Editor | Editor role to workspace operations. |


Workspace Admin


Operations: Create, Delete, Get, List, Update, Import, Publish, Backup, Restore

resourceKeys:
workspace