1 - 全局权限

    • Administrator:

    These users have full control over the entire Rancher system and all clusters within it.

    • Standard User:

    These users can create new clusters and use them. Standard users can also assign other users permissions to their clusters.

    Assignment of global permissions to a user depends on their authentication source: external or local.

    When a user logs into Rancher using an external authentication provider for the first time, they are automatically assigned the Standard User global permission.

    • Local Authentication

    When you create a new local user, you assign them a global permission as you complete the Add User form.

    Permissions are individual access rights that you can assign when selecting a custom permission for a user.

    Using custom permissions is convenient for providing users with narrow or specialized access to Rancher. See the table below for a list of individual permissions available.

    The following table lists each custom global permission available and whether it is assigned to the default global permissions, Administrator and .

    When a user from an signs into Rancher for the first time, they’re automatically assigned a set of global permissions (hereafter, permissions). By default, new users are assigned the user permissions. However, in some organizations, these permissions may extend too much access. In this use case, you can change the default permissions to something more restrictive, such as a set of individual permissions.

    You can assign one or more default permissions. For example, the user permission assigns new users a . If you want to restrict the default permissions for new users, you can remove the permission as default role and then assign multiple individual permissions as default instead. Conversely, you can also add administrative permissions on top of a set of other standard permissions.

    You can change the default global permissions that are assigned to external users upon their first log in.

    • From the Global view, select Security > Roles from the main menu. Make sure the Global tab is selected.

    • Find the permissions set that you want to use as default. Then edit the permission by selecting Ellipsis > Edit.

    • If you want to remove a default permission, edit the permission and select No from New User Default.

    Result: The default global permissions are configured based on your changes. Permissions assigned to new users display a check in the New User Default column.