Role and Member Management

    In workspace scope, you can grant the following resources’ permissions to a role:

    • Projects
    • Access Control
    • Apps Management
    • Workspace Settings

    At least one workspace has been created, such as . Besides, you need an account of the workspace-admin role (e.g. ws-admin) at the workspace level. See Create Workspace, Project, Account and Role if it is not ready yet.

    Note

    The actual role name follows a naming convention: workspace name-role name. For example, for a workspace named , the actual role name of the role workspace-admin is demo-workspace-admin.

    In Workspace Roles, there are four available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a workspace is created and they cannot be edited or deleted. You can only review permissions and authorized users.

    1. In Workspace Roles , click workspace-admin and you can see the role detail as shown below.
    1. You can switch to Authorized Users tab to see all the users that are granted a role.

    Note

    The account ws-admin is used as an example. As long as the account you are using is granted a role including the authorization of Workspace Members View, Workspace Roles Management and Workspace Roles View in Access Control at the workspace level, it can create a workspace role.

    1. In Workspace Roles, click Create and set a Role Identifier. In this example, a role named workspace-projects-admin will be created. Click Edit Authorization to continue.

    1. In Projects management, select the authorization that you want the user granted this role to have. For example, Projects Create, Projects Management, and Projects View are selected for this role. Click OK to finish.

    Edit Authorization

    Note

    1. Newly-created roles will be listed in Workspace Roles. You can click the three dots on the right to edit it.

    Note

    The role of is only granted Projects Create, Projects Management, and Projects View, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.

    1. In Workspace Settings, select Workspace Members and click Invite Member.
    2. Invite a user to the workspace. Grant the role workspace-projects-admin to the user.

    invite member

    1. You can also change the role of an existing member by editing it or remove it from the workspace.