Roles and permissions in Lens Teamwork
Lens Teamwork supports the role-based access control (RBAC) approach. Users of Lens Teamwork can create or be members of team spaces. A team space is a group of clusters and users. Within a team space, there's a default permission distribution, and it is possible to customize access to clusters.
Permissions in team spaces
Within a team space, users get cluster permissions through:
- The default team space roles
- Team
- Personal permissions
The default team space roles define permissions for a team space itself and for the associated clusters. Users can have the following default roles:
- Owner: Creates a team space and has full control of it. Has read and write access to all connected clusters in a team space.
- Admin: Creates and administers teams within a team space. Has read and write access to all connected clusters in a team space.
- Member: Observes a team space and has read access to all connected clusters in a team space.
A team is a group of team space users that have certain permissions to the team space's clusters. A user can participate in multiple teams within a team space.
Custom RBAC configuration
Users that have read and write access to a cluster can configure the following Kubernetes RBAC API objects in the Access Control section of the cluster profile:
- Role: Sets permissions within a particular namespace.
- ClusterRole: Sets permissions cluster-wide.
- RoleBinding: Grants permissions to users and user groups within a specific namespace.
- ClusterRoleBinding: Grants cluster-wide permissions to users and user groups.
Note: For more information about Kubernetes RBAC, see Using RBAC Authorization.