Roles and permissions in Lens Teamwork

Lens Teamwork supports the role-based access control (RBAC) approach. Users of Lens Teamwork can create or be members of spaces. A space is a group of clusters and users. Within a space, there's a default permission distribution, and it is possible to customize access to clusters.

Permissions in spaces

Within a space, users get cluster permissions through:

  • The default space roles
  • Teams
  • Personal permissions

The default space roles define permissions for a space itself and for the associated clusters. Users can have the following default roles:

  • Owner

    Creates a space and has full control of it. Has read and write access to all connected clusters in a space.

  • Admin

    Creates and administers teams within a space. Has read and write access to all connected clusters in a space.

  • Member

    Observes a space and has read access to all connected clusters in a space.

A team is a group of space users that has certain permissions to the space's clusters. A user can participate in multiple teams within a space.

Custom RBAC configuration

Users who have read and write access to a cluster can configure the following Kubernetes RBAC API objects in the Access Control section of the cluster profile:

  • Role

    Sets permissions within a particular namespace.

  • ClusterRole

    Sets permissions cluster-wide.

  • RoleBinding

    Grants permissions to users and user groups within a specific namespace.

  • ClusterRoleBinding

    Grants cluster-wide permissions to users and user groups.

Note

For more information about Kubernetes RBAC, see Using RBAC Authorization.