Global Project Scope

The Global Project Scope holds a group of resources, in a logical grouping, to a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.

Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is resourceKey.operation, where resourceKey refers to a resource or the API functionality, and operation refers to the action or activity allowed.

To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.

Below is the predefined list of Roles and Permissions for the Global Project Scope:

Project

Role Names	Description
Project Admin	The Project Admin role is a closure of all the project operations. It is a administrative privilege for the project resources
Project Editor	The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project
Project Viewer	The Project Viewer will be able to view all the resources within a project, but not privileged to make modifications

Project Admin

Project Editor

Project Viewer

Project Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
audit			√	√
cloudaccount	√	√	√	√	√
cloudconfig	√	√	√	√	√
cluster	√	√	√	√	√	√
clusterProfile	√	√	√	√	√		√
clusterRbac	√	√	√	√	√
dnsMapping	√	√	√	√	√
edgehost	√	√	√	√	√
location	√	√	√	√	√
machine	√	√	√	√	√
macro	√	√	√	√	√
packRegistry			√	√
privateGateway	√	√	√	√	√
project			√	√	√
sshKey	√	√	√	√	√
workspace	√	√	√	√	√			√	√

Cluster Profile

The user with these permissions can manage the Cluster Profiles within a project.

Role Names	Description
Cluster Profile Admin	Cluster Profile Admin role has admin privileges to all the cluster profile operations
Cluster Profile Editor	Cluster Profile Editor role has privileges to edit and list operations on the cluster profile
Cluster Profile Viewer	Cluster Profile Viewer role has read-only privileges to cluster profiles

Cluster Profile Admin

Cluster Profile Editor

Cluster Profile Viewer

Cluster Profile Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Publish
clusterProfile	√	√	√	√	√	√
macro	√	√	√	√	√
packRegistry	√	√

Cluster

Role Names	Description
Cluster Admin	A cluster admin in Project scope has all the privileges related to cluster operation
Cluster Editor	A cluster editor in Project scope has the privileges to update, delete,get and list cluster resources. This role is not privileged for cluster creation
Cluster Viewer	A cluster viewer in Project scope is a read-only privilege to cluster operations

Cluster Admin

Cluster Editor

Cluster Viewer

Cluster Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Import
cloudaccount			√	√
cloudconfig	√	√	√	√	√
cluster	√	√	√	√	√	√
clusterProfile	√	√
clusterRbac	√	√	√	√	√
dnsMapping	√	√	√	√	√
edgehost	√	√	√	√	√
location	√	√	√	√	√
machine	√	√	√	√	√
macro	√	√	√	√	√
packRegistry	√	√
privateGateway	√	√
sshKey	√	√	√	√	√

Cloud Account

Role Names	Description
Cluster Account Admin	An administrative access to cloud account operations
Cluster Account Editor	An editor access to cloud cloud account operations
Cluster Account Viewer	A read-only role for cloud account operations

Cluster Account Admin

Cluster Account Editor

Cluster Account Viewer

Cluster Account Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
cloudaccount	√	√	√	√	√

Workspace

Role Names	Description
Workspace Admin	Administrator role to workspace operations
Workspace Editor	Editor role to workspace operations

Workspace Admin

Workspace Operator

Workspace Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Import	Publish	Backup	Restore
workspace	√	√	√	√	√			√	√

Edit on GitHub