You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The list of Global Tenant Roles under Tenant Scope
false
0
user-management
rbac
Global Tenant Scope
Tenant is an isolated workspace within the Palette Console. Users and teams with specific roles can be associated with
the tenants and projects you create.
Each user is assigned a role and permissions, which apply to the scopes, resources, and resourceKey. The Permissions
format is resourceKey.operation, where resourceKey refers to resource or the API functionality, and Operation refers
to the permitted action or activity.
To view the list of the predefined roles and permissions, ensure you are in the project scope Tenant. Next, navigate
to the left Main Menu and click on Tenant Settings > Roles, and you will find the list of Global Roles.
If you need to extend permissions, create a custom role by using the
Create Role option.
Below is the list of Roles and Permissions that already predefined for the Global Tenant Scope.
:::info
All users can view tags assigned to a resource. In technical terms, all users inherit the permission tag.get by
default.
:::
Tenants
Role Names
Description
Tenant Admin
Allows the user to create projects and manage projects within the tenant, covered under all operations related to projects
Tenant Viewer
Provides a read only access to all the project resources
Tenant Project Admin
The role with complete access to an existing project
The table enlists the role wise resourceKeys and Operations that are predefined under the Global Tenant Scope:
Tenant Admin
resourceKeys
Operations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
apiKey
√
√
√
√
√
audit
√
√
cloudaccount
√
√
√
√
√
cloudconfig
√
√
√
√
√
cluster
√
√
√
√
√
√
clusterProfile
√
√
√
√
√
√
clusterRbac
√
√
√
√
√
dnsMapping
√
√
√
√
√
edgehost
√
√
√
√
√
location
√
√
√
√
√
machine
√
√
√
√
√
macro
√
√
√
√
√
packRegistry
√
√
√
√
√
privateGateway
√
√
√
√
√
project
√
√
√
√
√
role
√
√
√
√
√
sshKey
√
√
√
√
√
team
√
√
√
√
√
tag
√
user
√
√
√
√
√
workspace
√
√
√
√
√
√
√
Tenant Viewer
resourceKeys
Operations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
apiKey
√
√
audit
√
√
cloudaccount
√
√
cloudconfig
√
√
cluster
√
√
clusterProfile
√
√
clusterRbac
√
√
dnsMapping
√
√
edgehost
√
√
location
√
√
machine
√
√
macro
√
√
packRegistry
√
√
privateGateway
√
√
project
√
√
role
√
√
sshKey
√
√
team
√
√
user
√
√
workspace
√
√
Tenant Project Admin
resourceKeys
Operations
Create
Get
Delete
List
Update
Import
Publish
Backup
Restore
apiKey
√
√
audit
√
√
cloudaccount
√
√
√
√
√
cloudconfig
√
√
√
√
√
cluster
√
√
√
√
√
√
clusterProfile
√
√
√
√
√
√
clusterRbac
√
√
√
√
√
dnsMapping
√
√
√
√
√
edgehost
√
√
√
√
√
location
√
√
√
√
√
machine
√
√
√
√
√
macro
√
√
√
√
√
packRegistry
√
√
√
√
√
privateGateway
√
√
√
√
√
project
√
√
√
√
√
sshKey
√
√
√
√
√
tag
√
workspace
√
√
√
√
√
√
√
Cluster Profile
Role Names
Description
Tenant Cluster Profile Admin
A role which has complete access to all the Cluster Profile related operations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
clusterProfile
√
√
√
√
√
√
macro
√
√
√
√
√
packRegistry
√
√
tag
√
Tenant Role
Role Names
Description
Tenant Role Admin
A role which has complete access to all the Role related perations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
role
√
√
√
√
√
Tenant Team
Role Names
Description
Tenant Team Admin
A role which has complete access to all the Team related operations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
apiKey
√
√
audit
√
√
team
√
√
√
√
√
user
√
√
Tenant User
Role Names
Description
Tenant User Admin Role
A role which has complete access to all the User related operations
Create
Delete
Get
List
Update
Import
Publish
Backup
Restore
apiKey
√
√
√
√
√
audit
√
√
user
√
√
√
√
√
Tenants Cluster Group
Role Names
Description
Tenants Cluster Group Admin
Allows the user to create and manage cluster groups within the tenant, covered under all operations related to cluster groups
Tenants Cluster Group Editor
The role can perform edit operations related to a cluster group, but the user is not able to create or delete a cluster group
Tenants Cluster Group Viewer
Provides a read only access to all the cluster group resources
The table lists role resourceKeys and operations that are predefined under the Global Tenant Scope: