DX Cloud Identity and Access Management
In the Cockpit, roles define the access permissions a user has for various sections and actions. Each role is associated with specific capabilities, and users must have the required roles to interact with or view different parts of the system.
This page outlines the customer groups along with the roles and how they control access across features in the cockpit.
In addition to Cockpit roles, descriptions for customer Rancher access are also described here.
| You must also have the feature toggled on for you. PaaS support can enable a feature for you. |
Groups
For the Cockpit, there are groups to which you add users. These groups contain permissions through their assigned roles.
-
customer-admins: contains all roles.
-
customer-devops
See roles
For full details, see Roles.
-
cockpit-business
-
cockpit-developer
-
cockpit-devops
-
cockpit-support
-
logs-read
-
metrics-read
-
subscription-api-read
-
subscription-api-write
-
report-api-read
-
user-api-read
-
redirect-api-read
-
redirect-api-write
-
logs-api-audit-read
-
cluster-api-ingress-read
-
cluster-api-ingress-write
-
cluster-api-secret-read
-
cluster-api-secret-write
-
cluster-api-service-read
-
certificate-api-write
-
certificate-api-read
-
cdn-api-geofencing-read
-
cdn-api-geofencing-write
-
cdn-api-access-control-read
-
cdn-api-access-control-write
-
cdn-api-blocked-ips-read
-
cdn-api-blocked-ips-write
-
cdn-api-object-responses-read
-
cdn-api-object-responses-write
-
cdn-api-segmented-caching-read
-
cdn-api-segmented-caching-write
-
cdn-api-waiting-room-read
-
cdn-api-waiting-room-write
-
cdn-api-ttl-read
-
cdn-api-ttl-write
-
cdn-api-purge-all
-
cdn-api-purge-url
-
view-users
-
cluster-api-error-pages-read
-
cluster-api-error-pages-write
-
-
customer-operations
See roles
For full details, see Roles.
-
cockpit-business
-
cockpit-developer
-
cockpit-devops
-
cockpit-support
-
logs-read
-
metrics-read
-
subscription-api-read
-
logs-api-audit-read
-
cdn-api-geofencing-read
-
cdn-api-geofencing-write
-
cdn-api-access-control-read
-
cdn-api-access-control-write
-
cdn-api-blocked-ips-read
-
cdn-api-blocked-ips-write
-
cdn-api-object-responses-read
-
cdn-api-object-responses-write
-
cdn-api-segmented-caching-read
-
cdn-api-segmented-caching-write
-
cdn-api-waiting-room-read
-
cdn-api-waiting-room-write
-
cdn-api-ttl-read
-
cdn-api-ttl-write
-
cdn-api-purge-all
-
cdn-api-purge-url
-
-
customer-project-owners
See roles
For full details, see Roles.
-
cockpit-business
-
subscription-api-write
-
report-api-read
-
For Rancher access, there is only one group:
-
customers: Access through Rancher roles.
Roles
The table here lists all of the possible roles for the Cockpit alongside what sections in the cockpit you can access with the role and a short description of the role.
- Key
-
Read access
Write access
| Role | Sections | Description |
|---|---|---|
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
Predefined set of roles associated with the support group. |
|
|
Predefined set of roles associated with the business group. |
|
|
Predefined set of roles associated with the developer group. |
|
|
Predefined set of roles associated with the devops group. |
|
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|
||
|