Role and Member Management

In project scope, you can grant the following resources’ permissions to a role:

Application Workloads
Storage
Monitoring & Alerting
Project Settings
Access Control

At least one project has been created, such as . Besides, you need an account of the admin role (e.g. project-admin) at the project level. See Create Workspace, Project, Account and Role if it is not ready yet.

In Project Roles, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a project is created and they cannot be edited or deleted. You can only review permissions and authorized users.

In Project Roles, click and you can see the role detail as shown below.

You can switch to Authorized Users tab to see all the users that are granted an admin role.

Note

Select the authorization that you want the user granted this role to have. For example, Application Workloads View in Application Workloads, and Alerting Messages View and Alerting Policies View in Monitoring & Alerting are selected for this role. Click OK to finish.

Note

Depend on means the major authorization (the one listed after Depend on) needs to be selected first so that the affiliated authorization can be assigned.

Newly-created roles will be listed in Project Roles. You can click the three dots on the right to edit it.

The role of is only granted limited permissions in Monitoring & Alerting, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.

In Project Settings, select Project Members and click Invite Member.
Invite a user to the project. Grant the role of project-monitor to the user.

Note

The user must be invited to the project’s workspace first.

After you add a user to the project, click OK. In Project Members, you can see the newly invited member listed.
You can also change the role of an existing member by editing it or remove it from the project.