Workspace Role and Member Management
This tutorial demonstrates how to manage roles and members in a workspace. At the workspace level, you can grant permissions in the following modules to a role:
- Project Management
- DevOps Project Management
- App Management
- Access Control
- Workspace Settings
At least one workspace has been created, such as
demo-workspace. Besides, you need an account of the
workspace-admin role (for example,
ws-admin) at the workspace level. For more information, see Create Workspaces, Projects, Accounts and Roles.
workspace name-role name. For example, for a workspace named
demo-workspace, the actual role name of the role
In Workspace Roles, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only view permissions included in a built-in role or assign it to a user.
|The viewer in the workspace who can view all resources in the workspace.|
|The regular user in the workspace who can create projects and DevOps projects.|
|The regular user in the workspace who cannot create projects or DevOps projects.|
|The administrator in the workspace who can perform any action on any resource. It gives full control over all resources in the workspace.|
To view the permissions that a role contains:
Log in to the console as
ws-admin. In Workspace Roles, click a role (for example,
workspace-admin) and you can see role details as shown below.
Click the Authorized Users tab to see all the users that are granted the role.
Create a Workspace Role
Navigate to Workspace Roles under Workspace Settings.
In Workspace Roles, click Create and set a role Name (for example,
demo-project-admin). Click Edit Permissions to continue.
In the pop-up window, permissions are categorized into different Modules. In this example, click Project Management and select Project Creation, Project Management, and Project Viewing for this role. Click OK to finish creating the role.
NoteDepends on means the major permission (the one listed after Depends on) needs to be selected first so that the affiliated permission can be assigned.
Newly-created roles will be listed in Workspace Roles. To edit an existing role, click on the right.
Invite a New Member
Navigate to Workspace Members under Workspace Settings, and click Invite Member.
Invite a user to the workspace by clicking on the right of it and assign a role to it.
After you add the user to the workspace, click OK. In Workspace Members, you can see the user in the list.
To edit the role of an existing user or remove the user from the workspace, click on the right and select the corresponding operation.