Product Guide
Organization Administration

Roles and Permissions

4min

Permissions

Permissions are a key security control. In order to protect sensitive information and maintain the integrity of systems, permissions play a fundamental role. By defining what actions or operations a user or process can perform, permissions help to enforce access control and ensure that only authorized individuals have the ability to perform certain tasks. These permissions act as a safeguard, preventing unauthorized access or misuse of resources.

In Kubeark, permission types grant users access to different sections of the app and define key allowed actions for the users, such as read, create, update or delete items on the specific section. A role is identified as group of permissions that are grouped under one name. All the roles can be customised.

Roles

During the installation process of the Kubeark platform, an administrative role with all permissions is created by default. This allows for an initial level of access control to be established for the administrator, who can then proceed to create custom roles with varying levels of permissions. The custom roles can be tailored to the needs of specific user groups, departments, or projects, enabling a flexible and granular approach to access control.

All sections of the web application are structured with the standard Create, Read, Update, and Delete (CRUD) permissions. This allows for precise control over the level of access that each role has to the different sections and features of the web application. The administrator can then assign specific roles to individual users or groups of users, ensuring that only authorized users have access to sensitive data and functionality.

Additionally, the Kubeark Platform provides advanced auditing capabilities that allow you to track and record actions performed by users and to gain a better understanding of user activity. This can help you to detect any malicious or accidental actions, as well as to identify any areas where additional controls are required.

Overall, the Kubeark Platform's role-based access control system allows you to establish a secure and compliant environment, while also providing the flexibility and granularity that you need to manage access control for a diverse set of users.

The is created during the Kubeark installation process and is the most powerful Account, being authorised to execute all the possible actions in the Kubeark platform.

The is a basic permission level needed in order to access the Kubeark Platform. This role can be created, updated, or deleted based on the RBAC Matrix defined by the global_admin, admin, or user.

Document image


Below you will find a list of all possible permissions:

Asset

Permissions

Users

  • users_read
  • users_create
  • users_update
  • users_delete

Roles

  • roles_read
  • roles_create
  • roles_update
  • roles_delete

Cluster

  • cluster_read
  • cluster_create
  • cluster_update
  • cluster_delete

Config

  • config_read
  • config_create
  • config_update
  • config_delete

Deployment

  • deployment_read
  • deployment_create
  • deployment_update
  • deployment_delete

License

  • license_delete
  • license_update
  • license_create
  • license_delete

Monitoring

  • monitoring_read
  • monitoring_update
  • monitoring_create
  • monitoring_delete

Billing

  • billing_read
  • billing_update
  • billing_create
  • billing_delete

Alerts

  • alerts_read
  • alerts_update
  • alerts_create
  • alerts_delete

Logs

  • logs_read
  • logs_update
  • logs_create
  • logs_delete

Webhooks

  • webhooks_read
  • webhooks_create
  • webhooks_update
  • webhooks_delete



Updated 12 Feb 2024
Doc contributor
Did this page help you?
PREVIOUS
Federation and Single Sign On (SSO)
NEXT
Operational Flow
Docs powered by Archbee