Merge pull request #322 from Sherlock113/rolemne

Update role and member management wording and add notes
pengfei 2020-09-28 17:15:36 +08:00 committed by GitHub
commit bea7019e0b
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
3 changed files with 61 additions and 53 deletions

@ -1,13 +1,12 @@
---
title: "Role and Member Management"
keywords: 'kubernetes, kubesphere, air gapped, installation'
keywords: 'Kubernetes, KubeSphere, DevOps, role, member'
description: 'Role and Member Management'
weight: 2240
---
This guide demonstrates how to manage roles and members in your DevOps project. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo).
This guide demonstrates how to manage roles and members in your DevOps project. For more information about KubeSphere roles, see Overview of Role Management.
In DevOps project scope, you can grant the following resources' permissions to a role:
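Review bot: The rewritten intro sentence drops the link target together with the `../todo` placeholder, so "see Overview of Role Management" now names a page the reader has no way to reach. Either link it to the real overview page or remove the clause until that page exists. The same sentence is changed the same way in the project and workspace pages of this commit.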
@ -18,28 +17,33 @@ In DevOps project scope, you can grant the following resources' permissions to a
## Prerequisites
At least one DevOps project has been created, such as `demo-devops`. Besides, you need an account of the `admin` role at the DevOps project level. See the [Create Workspace, Project, Account and Role](../../../quick-start/create-workspace-and-project/) if it is not ready yet.
At least one DevOps project has been created, such as `demo-devops`. Besides, you need an account of the `admin` role (e.g. `devops-admin`) at the DevOps project level. See [Create Workspace, Project, Account and Role](../../../quick-start/create-workspace-and-project/) if it is not ready yet.
## Built-in roles
## Built-in Roles
In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the DevOps project and they cannot be edited or deleted.
In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a DevOps project is created and they cannot be edited or deleted.
| Built-in Roles | Description |
| ------------------ | ------------------------------------------------------------ |
| viewer | Allows viewer access to view all resources in the DevOps project. |
| operator | Normal member in a DevOps project who can create pipeline credentials in the DevOps project.|
| admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the DevOps project. |
| viewer | The viewer who can view all resources in the DevOps project. |
| operator | The normal member in a DevOps project who can create pipelines and credentials in the DevOps project. |
| admin | The administrator in the DevOps project who can perform any action on any resource. It gives full control over all resources in the DevOps project. |
## Create a DevOps Project Role
1. Log in the console as `devops-admin` and select `demo-devops` under **DevOps Projects** list.
2. Go to **Project Roles** in **Project Management**, click **Create** and set a **Role Identifier**. In this example, a role named `pipeline-creator` will be created.
1. Log in the console as `devops-admin` and select a DevOps project (e.g. `demo-devops`) under **DevOps Projects** list.
{{< notice note >}}
The account `devops-admin` is used as an example. As long as the account you are using is granted a role including the authorization of **Project Members View**, **Project Roles Management** and **Project Roles View** in **Access Control** at DevOps project level, it can create a DevOps project role.
{{</ notice >}}
2. Go to **Project Roles** in **Project Management**, click **Create** and set a **Role Identifier**. In this example, a role named `pipeline-creator` will be created. Click **Edit Authorization** to continue.
![Create a devops project role](/images/docs/devops-admin/devops_role_step1.png)
Click **Edit Authorization** to continue.
3. In **Pipelines Management**, select the authorization that you want the user granted this role to have. For example, **Pipelines Management** and **Pipelines View** are selected for this role. Click OK to finish.
3. In **Pipelines Management**, select the authorization that you want the user granted this role to have. For example, **Pipelines Management** and **Pipelines View** are selected for this role. Click **OK** to finish.
![Edit Authorization](/images/docs/devops-admin/devops_role_step2.png)
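Review bot: Step 1 is reworded here but still reads "Log in the console as `devops-admin`" and "under **DevOps Projects** list"; make it "Log in to the console" and "in the **DevOps Projects** list" while the line is being touched. In the new notice, please confirm that **Project Members View** is actually required alongside **Project Roles Management** and **Project Roles View** to create a role, so the note documents the minimum set of authorizations rather than a broader one.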
@ -55,14 +59,13 @@ Click **Edit Authorization** to continue.
{{< notice note >}}
The role of `pipeline-creator` is only granted with Pipeline create/view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs.
The role of `pipeline-creator` is only granted **Pipelines Management** and **Pipelines View**, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.
{{</ notice >}}
## Invite a New Member
1. In **Project Management**, select **Project Members** and click **Invite Member**.
2. Invite a user to the DevOps project. Grant the role of `pipeline-creator` to the user.
![invite member](/images/docs/devops-admin/devops_invite_member.png)
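Review bot: The reworded notice says "may not satisfy your need" and then "based on your needs" in the next sentence, and "for demonstration purpose" should be "for demonstration purposes". Suggest "which may not meet your needs" and the plural in both places. The project and workspace notices in this commit use the same wording.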
@ -74,7 +77,6 @@ The user must be invited to the DevOps project's workspace first.
{{</ notice >}}
3. After you add a user to the DevOps project, click **OK**. In **Project Members**, you can see the newly invited member listed.
4. You can also change the role of an existing member by editing it or remove it from the DevOps project.
![edit member role](/images/docs/devops-admin/devops_user_edit.png)

@ -1,13 +1,13 @@
---
title: "Role and Member Management"
keywords: 'KubeSphere, kubernetes, docker, helm, jenkins, istio, prometheus'
keywords: 'KubeSphere, Kubernetes, role, member, management, project'
description: 'Role and Member Management in a Project'
linkTitle: "Role and Member Management"
weight: 2130
---
This guide demonstrates how to manage roles and members in your project. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo).
This guide demonstrates how to manage roles and members in your project. For more information about KubeSphere roles, see Overview of Role Management.
In project scope, you can grant the following resources' permissions to a role:
@ -20,34 +20,39 @@ In project scope, you can grant the following resources' permissions to a role:
## Prerequisites
At least one project has been created, such as `demo-project`. Besides, you need an account of the `admin` role at the Project level. See the [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if it is not ready yet.
At least one project has been created, such as `demo-project`. Besides, you need an account of the `admin` role (e.g. `project-admin`) at the project level. See [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if it is not ready yet.
## Built-in roles
## Built-in Roles
In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the project and they cannot be edited or deleted. You can only review permissions and authorized users.
In **Project Roles**, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a project is created and they cannot be edited or deleted. You can only review permissions and authorized users.
| Built-in Roles | Description |
| ------------------ | ------------------------------------------------------------ |
| viewer | Allows viewer access to view all resources in the namespace. |
| regular | The maintainer of the project who can manage resources other than users and roles in the project. |
| admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the namespace. |
| viewer | The viewer who can view all resources in the project. |
| operator | The maintainer of the project who can manage resources other than users and roles in the project. |
| admin | The administrator in the project who can perform any action on any resource. It gives full control over all resources in the project. |
1. In **Project Roles** , click on the title of `admin`.
1. In **Project Roles**, click `admin` and you can see the role detail as shown below.
![view role details](/images/docs/project-admin/project_role_detail.png)
2. You can also switch to the **Authorized Users** tab, to see all the users that are granted with an `admin` role.
2. You can switch to **Authorized Users** tab to see all the users that are granted an `admin` role.
## Create a Project Role
1. Log in the console as `project-admin` and select `demo-project` under **Projects** list.
2. Go to **Project Roles** in **Project Settings**, click **Create** and set a **Role Identifier**. In this example, a role named `project-monitor` will be created.
1. Log in the console as `project-admin` and select a project (e.g. `demo-project`) under **Projects** list.
{{< notice note >}}
The account `project-admin` is used as an example. As long as the account you are using is granted a role including the authorization of **Project Members View**, **Project Roles Management** and **Project Roles View** in **Access Control** at project level, it can create a project role.
{{</ notice >}}
2. Go to **Project Roles** in **Project Settings**, click **Create** and set a **Role Identifier**. In this example, a role named `project-monitor` will be created. Click **Edit Authorization** to continue.
![Create a project role](/images/docs/project-admin/project_role_create_step1.png)
Click **Edit Authorization** to continue.
3. Select the authorization that you want the user granted this role to have. For example, **Application Workloads View** in **Application Workloads**, **Alerting Messages View** and **Alerting Policies View** in **Monitoring & Alerting** are selected for this role. Click **OK** to finish.
3. Select the authorization that you want the user granted this role to have. For example, **Application Workloads View** in **Application Workloads**, and **Alerting Messages View** and **Alerting Policies View** in **Monitoring & Alerting** are selected for this role. Click **OK** to finish.
![Edit Authorization](/images/docs/project-admin/project_role_create_step2.png)
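Review bot: In the built-in role table the `regular` row becomes `operator` with the description left unchanged, which renames a role identifier rather than rewording it. Please confirm that `operator` is the name the console shows at project level, since readers will look for this exact string when granting the role. The workspace page in this commit still lists `workspace-regular`.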
@ -63,14 +68,13 @@ Click **Edit Authorization** to continue.
{{< notice note >}}
The role of `project-monitor` is only granted with Monitoring & Alerting view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs.
The role of `project-monitor` is only granted limited permissions in **Monitoring & Alerting**, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.
{{</ notice >}}
## Invite a New Member
1. In **Project Settings**, select **Project Members** and click **Invite Member**.
2. Invite a user to the project. Grant the role of `project-monitor` to the user.
![invite member](/images/docs/project-admin/project_invite_member_step2.png)
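Review bot: The new notice says `project-monitor` "is only granted limited permissions in **Monitoring & Alerting**", but step 3 of the procedure above also selects **Application Workloads View** in **Application Workloads**. List the three selected authorizations by name, as the DevOps page does for `pipeline-creator`, so the notice matches what the role actually grants.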
@ -82,7 +86,6 @@ The user must be invited to the project's workspace first.
{{</ notice >}}
3. After you add a user to the project, click **OK**. In **Project Members**, you can see the newly invited member listed.
4. You can also change the role of an existing member by editing it or remove it from the project.
![edit member role](/images/docs/project-admin/project_user_edit.png)

@ -1,13 +1,13 @@
---
title: "Role and Member Management"
keywords: "kubernetes, workspace, kubesphere, multitenancy"
keywords: "Kubernetes, workspace, KubeSphere, multitenancy"
description: "Role and Member Management in a Workspace"
linkTitle: "Role and Member Management"
weight: 200
---
This guide demonstrates how to manage roles and members in your workspace. For the overview of KubeSphere roles, see the [Overview of Role Management](../todo).
This guide demonstrates how to manage roles and members in your workspace. For more information about KubeSphere roles, see Overview of Role Management.
In workspace scope, you can grant the following resources' permissions to a role:
@ -19,40 +19,45 @@ In workspace scope, you can grant the following resources' permissions to a role
## Prerequisites
At least one workspace has been created, such as `demo-workspace`. Besides, you need an account of the `workspace-admin` role at the Workspace level. See the [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if it is not ready yet.
At least one workspace has been created, such as `demo-workspace`. Besides, you need an account of the `workspace-admin` role (e.g. `ws-admin`) at the workspace level. See [Create Workspace, Project, Account and Role](../../quick-start/create-workspace-and-project/) if it is not ready yet.
{{< notice note >}}
The actual role name follows a naming convention: `workspace name-role name`. For example, in this workspace named `demo-workspace`, the actual role name of the role `workspace-admin` is `demo-workspace-admin`.
The actual role name follows a naming convention: `workspace name-role name`. For example, for a workspace named `demo-workspace`, the actual role name of the role `workspace-admin` is `demo-workspace-admin`.
{{</ notice >}}
## Built-in roles
## Built-in Roles
In **Workspace Roles**, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when creating the workspace and they cannot be edited or deleted. You can only review permissions and authorized users.
In **Workspace Roles**, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only review permissions and authorized users.
| Built-in Roles | Description |
| ------------------ | ------------------------------------------------------------ |
| workspace-viewer | Allows viewer access to view all resources in the workspace. |
| workspace-self-provisioner | Regular user in the workspace who can create namespaces and DevOps projects. |
| workspace-regular | Regular user in the workspace who cannot create namespaces or DevOps projects. |
| workspace-admin | Allows admin access to perform any action on any resource. It gives full control over all resources in the workspace. |
| workspace-viewer | The viewer in the workspace who can view all resources in the workspace. |
| workspace-self-provisioner | The regular user in the workspace who can create projects and DevOps projects. |
| workspace-regular | The regular user in the workspace who cannot create projects or DevOps projects. |
| workspace-admin | The administrator in the workspace who can perform any action on any resource. It gives full control over all resources in the workspace. |
1. In **Workspace Roles** , click on the title of `workspace-admin`.
1. In **Workspace Roles** , click `workspace-admin` and you can see the role detail as shown below.
![invite member](/images/docs/ws-admin/workspace_role_detail.png)
2. You can also switch to the **Authorized Users** tab, to see all the users that are granted with a `workspace-admin` role.
2. You can switch to **Authorized Users** tab to see all the users that are granted a `workspace-admin` role.
## Create a Workspace Role
1. Log in the console as `ws-admin` and go to **Workspace Roles** in **Workspace Settings**.
2. In **Workspace Roles**, click **Create** and set a **Role Identifier**. In this example, a role named `workspace-projects-admin` will be created.
{{< notice note >}}
The account `ws-admin` is used as an example. As long as the account you are using is granted a role including the authorization of **Workspace Members View**, **Workspace Roles Management** and **Workspace Roles View** in **Access Control** at the workspace level, it can create a workspace role.
{{</ notice >}}
2. In **Workspace Roles**, click **Create** and set a **Role Identifier**. In this example, a role named `workspace-projects-admin` will be created. Click **Edit Authorization** to continue.
![Create a workspace role](/images/docs/ws-admin/workspace_role_create_step1.png)
Click **Edit Authorization** to continue.
3. In **Projects management**, select the authorization that you want the user granted this role to have. For example, **Projects Create**, **Projects Management**, and **Projects View** are selected for this role. Click **OK** to finish.
![Edit Authorization](/images/docs/ws-admin/workspace_role_create_step2.png)
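Review bot: The reworded step under the role table keeps the stray space in "In **Workspace Roles** , click", which the project page fixes in this same commit. The screenshot below it also carries the alt text "invite member" for `workspace_role_detail.png`; "view role details", as used on the project page, would match the image.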
@ -69,21 +74,19 @@ Click **Edit Authorization** to continue.
{{< notice note >}}
The role of `workspace-projects-admin` is only granted with Projects create/view permission, which may not satisfy your demand. This example is only for demonstration purpose. You can create customized roles based on your needs.
The role of `workspace-projects-admin` is only granted **Projects Create**, **Projects Management**, and **Projects View**, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.
{{</ notice >}}
## Invite a New Member
1. In **Workspace Settings**, select **Workspace Members** and click **Invite Member**.
2. Invite a user to the workspace. Grant the role `workspace-projects-admin` to the user.
![invite member](/images/docs/ws-admin/workspace_invite_user.png)
3. After you add a user to the workspace, click **OK**. In **Workspace Members**, you can see the newly invited member listed.
4. You can also change the role of an existing member by editing it or remove it from the workspace.
![edit member role](/images/docs/ws-admin/workspace_user_edit.png)