3 - Custom Roles


Within Rancher, roles determine what actions a user can perform within a cluster or project.

Note that roles are different from permissions, which determine what clusters and projects you can access.

Prerequisites:

To complete the tasks on this page, the following permissions are required:

Adding A Custom Role

While Rancher comes out-of-the-box with a set of default user roles, you can also create default custom roles to provide users with very specific permissions within Rancher.

  • From the Global view, select Security > Roles from the main menu.

  • v2.0.7 and later only: Select a tab to determine the scope of the roles you’re adding. The tabs are:

    • Cluster

      The role is valid for assignment when adding/managing members to only clusters.

    • Project

      The role is valid for assignment when adding/managing members to only projects.

    Note: You cannot edit the Global tab.

  • Click Add Cluster/Project Role.

  • Name the role.

  • Choose whether to set the role to a status of locked.

    Locked roles cannot be assigned to users.

  • v2.0.7 and later only: Choose a Cluster/Project Creator Default option setting. Use this option to set whether the role is assigned to a user when they create a new cluster or project. Using this feature, you can expand or restrict the default roles for cluster/project creators.

    Note: Out of the box, the Cluster Creator Default and the Project Creator Default roles are Cluster Owner and Project Owner respectively.

  • v2.0.6 and earlier only: Assign the role a Context. Context determines the scope of role assigned to the user. The contexts are:

    • All

      The user can use their assigned role regardless of context. This role is valid for assignment when adding/managing members to clusters or projects.

    • Cluster

      This role is valid for assignment when adding/managing members to only clusters.

    • Project

      This role is valid for assignment when adding/managing members to only projects.

You can also choose the individual cURL methods (Create, Delete, Get, etc.) available for use with each endpoint you assign.

  • Use the Inherit from a Role options to assign individual Rancher roles to your custom roles.

  • Click Create.
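
Before clicking Create, it helps to review what the role will actually grant once inherited roles are included. The following is an added example, not Rancher's own code or API schema: the dictionary layout and the names review_role, effective_rules, inherits and creator_default are assumptions made for illustration, with rule entries following the Kubernetes RBAC shape (apiGroups, resources, verbs).

```python
# Added example: least-privilege review of a planned custom role.
# The role layout below is hypothetical; it is not Rancher's API schema.
SENSITIVE = {"secrets", "roles", "rolebindings", "clusterroles", "clusterrolebindings"}
READ_VERBS = {"get", "list", "watch"}

def effective_rules(name, roles, _seen=None):
    """Own rules plus the rules of every inherited role (cycle-safe)."""
    seen = _seen if _seen is not None else set()
    if name in seen:
        return []
    seen.add(name)
    rules = [(name, r) for r in roles[name].get("rules", [])]
    for parent in roles[name].get("inherits", []):
        rules += effective_rules(parent, roles, seen)
    return rules

def review_role(name, roles):
    """Return findings for one role, evaluated over its effective rules."""
    role, findings = roles[name], []
    if role.get("context") not in ("cluster", "project"):
        findings.append("context: must be cluster or project")
    # Locked roles cannot be assigned, so a locked creator default never applies.
    if role.get("locked") and role.get("creator_default"):
        findings.append("locked: creator default role can never be assigned")
    for origin, rule in effective_rules(name, roles):
        verbs = {v.lower() for v in rule.get("verbs", [])}
        resources = {r.lower() for r in rule.get("resources", [])}
        if "*" in verbs or "*" in resources:
            findings.append(f"wildcard: rule from '{origin}' uses '*'")
        risky = sorted(resources & SENSITIVE)
        if risky and verbs - READ_VERBS:
            findings.append(f"sensitive-write: '{origin}' can modify {', '.join(risky)}")
    return findings

ROLES = {  # constructed sample data
    "view-workloads": {"context": "project", "rules": [
        {"apiGroups": ["apps"], "resources": ["deployments"], "verbs": ["get", "list", "watch"]}]},
    "manage-secrets": {"context": "project", "rules": [
        {"apiGroups": [""], "resources": ["secrets"], "verbs": ["create", "delete", "get"]}]},
    "app-operator": {"context": "project", "locked": True, "creator_default": True,
                     "inherits": ["view-workloads", "manage-secrets"],
                     "rules": [{"apiGroups": ["*"], "resources": ["*"], "verbs": ["get"]}]},
}

if __name__ == "__main__":
    for finding in review_role("app-operator", ROLES):
        print(finding)
```

The sensitive-write finding for app-operator comes from an inherited role, which is why the review runs over the flattened rule set rather than the role's own rules.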