3 - Custom Roles
Within Rancher, roles determine what actions a user can perform within a cluster or project.
Note that roles are different from permissions, which determine what clusters and projects you can access.
Prerequisites:
To complete the tasks on this page, the following permissions are required:
- Administrator Global Permissions.
- Custom Global Permissions with the Manage Roles role assigned.
Adding A Custom Role
While Rancher comes out-of-the-box with a set of default user roles, you can also create default custom roles to provide users with very specific permissions within Rancher.
From the Global view, select Security > Roles from the main menu.
v2.0.7 and later only: Select a tab to determine the scope of the roles you’re adding. The tabs are:
- Cluster
The role is valid for assignment when adding/managing members to only clusters.
- Project
The role is valid for assignment when adding/managing members to only projects.
Note: You cannot edit the Global tab.
Click Add Cluster/Project Role.
Name the role.
Choose whether to set the role to a status of locked.
Locked roles cannot be assigned to users.
v2.0.7 and later only: Choose a Cluster/Project Creator Default option setting. Use this option to set whether the role is assigned to a user when they create a new cluster or project. Using this feature, you can expand or restrict the default roles for cluster/project creators.
Note: Out of the box, the Cluster Creator Default and the Project Creator Default roles are Cluster Owner and Project Owner respectively.
v2.0.6 and earlier only: Assign the role a Context. Context determines the scope of role assigned to the user. The contexts are:
- All
The user can use their assigned role regardless of context. This role is valid for assignment when adding/managing members to clusters or projects.
- Cluster
This role is valid for assignment when adding/managing members to only clusters.
- Project
This role is valid for assignment when adding/managing members to only projects.
Use the Grant Resources options to assign individual Kubernetes API endpoints to the role.
You can also choose the individual cURL methods (Create, Delete, Get, etc.) available for use with each endpoint you assign.
Use the Inherit from a Role options to assign individual Rancher roles to your custom roles.
Click Create.
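Before clicking Create, it helps to see what a role grants once Grant Resources and Inherit from a Role are combined. The sketch below is an added example, not Rancher's code: the role names, the dictionary layout ("rules", "inherits") and the sample data are constructed assumptions that mirror the form fields above.

```python
# Added example: role names, layout and data are constructed for illustration.
# "rules" mirrors Grant Resources; "inherits" mirrors Inherit from a Role.
ROLES = {
    "view-workloads": {
        "inherits": [],
        "rules": [{"resources": ["deployments", "pods"],
                   "verbs": ["get", "list", "watch"]}],
    },
    "secrets-admin": {
        "inherits": [],
        "rules": [{"resources": ["secrets"], "verbs": ["*"]}],
    },
    "ci-deployer": {
        "inherits": ["view-workloads", "secrets-admin"],
        "rules": [{"resources": ["deployments"], "verbs": ["create", "delete"]}],
    },
}

SENSITIVE = {"secrets"}
READ_ONLY = {"get", "list", "watch"}

def effective_grants(name, roles, _seen=None):
    """Return {resource: set(verbs)} for a role, following inherited roles."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # guard against inheritance cycles
        return {}
    seen.add(name)
    grants = {}
    for rule in roles[name]["rules"]:
        for res in rule["resources"]:
            grants.setdefault(res, set()).update(rule["verbs"])
    for parent in roles[name]["inherits"]:
        for res, verbs in effective_grants(parent, roles, seen).items():
            grants.setdefault(res, set()).update(verbs)
    return grants

def review(name, roles):
    """List least-privilege findings for the role's effective grants."""
    findings = []
    for res, verbs in sorted(effective_grants(name, roles).items()):
        if res == "*" or "*" in verbs:
            findings.append(f"{res}: wildcard grant")
        elif res in SENSITIVE and verbs - READ_ONLY:
            findings.append(f"{res}: write access to sensitive resource")
    return findings

if __name__ == "__main__":
    print(review("ci-deployer", ROLES))
```

Here the custom role only lists deployments under its own grants, yet the review flags secrets because the wildcard arrives through an inherited role.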