The Global Project Scope holds a cluster of resources, in a logical grouping, to a specific project. Users and Teams with specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.
Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the Scopes, Resources, and Components. The Permissions format is component.operation, where component refers to a resource or the API functionality, and operation refers to the action or activity allowed.
To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the list of Global Roles. If you need to extend your permissions, use the Create Role option.
Below is the predefined list of Roles and Permissions for the Global Project Scope.
The Project Administrator can manage a project, where the user has the Project Admin role. The permission applies to this specific project.
| Components | Operations |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore | |
|---|---|---|---|---|---|---|---|---|---|
| audit | √ | √ | |||||||
| cloudaccount | √ | √ | √ | √ | √ | ||||
| cloudconfig | √ | √ | √ | √ | √ | ||||
| cluster | √ | √ | √ | √ | √ | √ | |||
| clusterProfile | √ | √ | √ | √ | √ | √ | |||
| clusterRbac | √ | √ | √ | √ | √ | ||||
| dnsMapping | √ | √ | √ | √ | √ | ||||
| edgehost | √ | √ | √ | √ | √ | ||||
| location | √ | √ | √ | √ | √ | ||||
| machine | √ | √ | √ | √ | √ | ||||
| macro | √ | √ | √ | √ | √ | ||||
| packRegistry | √ | √ | |||||||
| privateGateway | √ | √ | √ | √ | √ | ||||
| project | √ | √ | √ | ||||||
| sshKey | √ | √ | √ | √ | √ | ||||
| workspace | √ | √ | √ | √ | √ | √ | √ |
The user with these permissions can manage the Cluster Profiles within a project.
The user holding these permissions is able to manage the Cloud Accounts within a project.