Role and Member Management
This guide demonstrates how to manage roles and members in your workspace. For more information about KubeSphere roles, see Overview of Role Management.
In workspace scope, you can grant the following resources' permissions to a role:
- Access Control
- Apps Management
- Workspace Settings
At least one workspace has been created, such as
demo-workspace. Besides, you need an account of the
workspace-admin role (e.g.
ws-admin) at the workspace level. See Create Workspace, Project, Account and Role if they are not ready yet.
workspace name-role name. For example, for a workspace named
demo-workspace, the actual role name of the role
In Workspace Roles, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only review permissions and authorized users.
|workspace-viewer||The viewer in the workspace who can view all resources in the workspace.|
|workspace-self-provisioner||The regular user in the workspace who can create projects and DevOps projects.|
|workspace-regular||The regular user in the workspace who cannot create projects or DevOps projects.|
|workspace-admin||The administrator in the workspace who can perform any action on any resource. It gives full control over all resources in the workspace.|
In Workspace Roles , click
workspace-adminand you can see the role detail as shown below.
You can switch to Authorized Users tab to see all the users that are granted a
Create a Workspace Role
Log in the console as
ws-adminand go to Workspace Roles in Workspace Settings.
ws-adminis used as an example. As long as the account you are using is granted a role including the authorization of Workspace Members View, Workspace Roles Management and Workspace Roles View in Access Control at the workspace level, it can create a workspace role.
In Workspace Roles, click Create and set a Role Identifier. In this example, a role named
workspace-projects-adminwill be created. Click Edit Authorization to continue.
In Projects management, select the authorization that you want the user granted this role to have. For example, Projects Create, Projects Management, and Projects View are selected for this role. Click OK to finish.
NoteDepend on means the major authorization (the one listed after Depend on) needs to be selected first so that the affiliated authorization can be assigned.
Newly-created roles will be listed in Workspace Roles. You can click the three dots on the right to edit it.
NoteThe role of
workspace-projects-adminis only granted Projects Create, Projects Management, and Projects View, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.
Invite a New Member
In Workspace Settings, select Workspace Members and click Invite Member.
Invite a user to the workspace. Grant the role
workspace-projects-adminto the user.
After you add a user to the workspace, click OK. In Workspace Members, you can see the newly invited member listed.
You can also change the role of an existing member by editing it or remove it from the workspace.