Roles


Within Rancher, roles determine what actions a user can perform within a cluster or project.

Note that roles are different from permissions, which determine what clusters and projects you can access.

Prerequisites:

To complete the tasks on this page, the following permissions are required:

Adding A Custom Role

While Rancher comes out-of-the-box with a set of default user roles, you can also create custom roles to provide users with very specific permissions within Rancher.

  • From the Global view, select Security > Roles from the main menu.

  • Click Add Role.

  • Name the role.

  • Choose whether to set the role to a status of locked. Locked roles cannot be assigned to users.

  • Assign the role a Context. Context determines the scope of the role assigned to the user. The contexts are:

    • All: The user can use their assigned role regardless of context. This role is valid for assignment when adding/managing members to clusters or projects.

    • Cluster: This role is valid for assignment when adding/managing members to only clusters.

    • Project: This role is valid for assignment when adding/managing members to only projects.

You can also choose the individual cURL methods (Create, Delete, Get, etc.) available for use with each endpoint you assign.

  • Use the Inherit from a Role options to assign individual Rancher roles to your custom roles.

  • Click Create.
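
The following is an added example, not Rancher's own code: it models how Locked, Context and Inherit from a Role combine, so a set of custom roles can be reviewed before anyone is given them. The field names (`context`, `locked`, `rules`, `roleTemplateNames`), the use of an empty context for All, and the sample roles are assumptions constructed for illustration.

```python
# Added example: review custom role definitions before assignment.
# Field names and the sample roles below are constructed assumptions.
ROLES = {
    "view-pods": {"context": "project", "locked": False,
                  "rules": [{"resources": ["pods"], "verbs": ["get", "list"]}],
                  "roleTemplateNames": []},
    "ops-legacy": {"context": "cluster", "locked": True,
                   "rules": [{"resources": ["*"], "verbs": ["*"]}],
                   "roleTemplateNames": []},
    "project-dev": {"context": "project", "locked": False,
                    "rules": [{"resources": ["secrets"],
                               "verbs": ["create", "delete"]}],
                    "roleTemplateNames": ["view-pods"]},  # inherits view-pods
    "auditor": {"context": "", "locked": False,  # "" stands for All (assumed)
                "rules": [{"resources": ["events"], "verbs": ["get"]}],
                "roleTemplateNames": []},
}


def assignable(roles, scope):
    """Roles that can be given to a member at scope 'cluster' or 'project'.

    Locked roles are excluded; a role with context All fits either scope.
    """
    return sorted(name for name, role in roles.items()
                  if not role["locked"] and role["context"] in ("", scope))


def effective_rules(roles, name, _seen=None):
    """(resource, verb) pairs a role grants, including inherited roles."""
    seen = _seen if _seen is not None else set()
    if name in seen:  # tolerate inheritance cycles
        return []
    seen.add(name)
    role = roles[name]
    pairs = [(res, verb) for rule in role["rules"]
             for res in rule["resources"] for verb in rule["verbs"]]
    for parent in role["roleTemplateNames"]:
        pairs += effective_rules(roles, parent, seen)
    return sorted(set(pairs))


def wildcard_roles(roles):
    """Roles whose effective rules use '*' as a resource or a verb."""
    return sorted(name for name in roles
                  if any("*" in pair for pair in effective_rules(roles, name)))
```

Reviewing the effective rules rather than only a role's own rules matters because an inherited role can widen what a narrowly named custom role grants.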

Locking/Unlocking Roles

If you want to prevent a role from being assigned to users, you can set it to a status of locked. For more information about what this status means, see Locked Roles.

You can lock roles in two contexts:

  • When you’re adding a custom role.
  • When you’re editing an existing role (see below).

To lock or unlock an existing role:

  • From the Global view, select Security > Roles.

  • From the role that you want to lock (or unlock), select Vertical Ellipsis (…) > Edit.

  • From the Locked option, choose the Yes or No radio button. Then click Save.