Access Policy Settings
< scope | access policy create workflow
Terminology
- User access policies: Allows a user to directly access a cluster, such as by using the command:
wf access cluster
. - Access Token policies: Allows a user to assign cluster access to an access token, such as by using the command:
wf assign accessrole
. - Roles: Defines a set of permissions for a user or system access token to perform actions in a Wayfinder-managed Kubernetes cluster.
- Groups: The groups of users that this access policy applies to. Users in these groups are able to access the clusters using the roles specified.
- Session duration limit: Limits the maximum duration permitted for a single user access session to a cluster under this policy.
📚 For more details on key points, refer to the overview section.
📚 Explore the properties section for additional information on each UI property.
CLI Instructions
Follow the instructions in the details section.
Web Interface Instructions
Steps
- Fill in the policy details as outlined in the properties section.
- Click Continue to proceed
Screenshot(s)
Properties
Field | Description |
---|---|
Subject Type | The subject type to which the policy applies. Option(s): - User: User access policies allow a user to directly access a cluster, such as by using the command wf access cluster . - Access Token: Access token policies allow a user to assign cluster access to an access token, such as by using the command wf assign accessrole . |
Roles | The role(s) this policy permits access to. Specify at least one. A role defines a set of permissions for a user or system access token to perform actions in a Wayfinder-managed Kubernetes cluster. |
Groups | The group(s) this policy permits access to. Specify at least one. The groups of users that this access policy applies to. Users in these groups are able to access the clusters using the roles specified. |
Session duration limit | Only applicable to the user subject type. Limits the maximum duration permitted for a single user access session to a cluster under this policy. Format: hhmmss |