Groups, Roles and Access Policies
A user group is a convenient way to associate a set of users to roles and access policies. You can create groups specific to your workspace and associate them to the access policies you require.
Wayfinder comes with default user groups that appear in all workspaces and you can add your own.
Each default group is associated with an access policy, so that users in each group have a set of permissions and access controls associated with that group. For example, users in the owner group in a workspace have more access than users in the member group. Your Wayfinder administrator may also add more default user groups that appear in your workspace.
Workspaces can add users to default groups as needed, but cannot change the group's default access policy. However, you can create a new access policy, and apply it to a default group in your workspace.
If you are a Wayfinder administrator then you can administer groups, roles and access policies across all workspaces.
Create a workspace user group
In Wayfinder's web interface:
- Select Workspaces > Your-Workspace-Name, then navigate to Settings and select the Groups tab.
- You are presented with the groups overview
- Click on the Create Group button
- Fill in the properties
Properties
This section specifies the properties to create a new group.
| Field | Description |
|---|---|
| Name | The name for the new group. |
| Description | Meaningful description for this workspace. |
| Add users to group | Add one or more users to the group. |
| Access Polcies | Use the 'Go to Access Policies' button to give this new group access to Kubernetes clusters |
Edit or delete a group
The delete action cannot be undone.
In Wayfinder's web interface:
- Select Workspaces > Your-Workspace-Name, then navigate to Settings and select the Groups tab.
- Expand the group you want.
- Click the Actions tab, and then click either the Edit or Delete buttons.
Add Roles and Access Policies
Roles permit permissions against Kuernetes resources and Access Policies constrain a role's permitted permissions to specific resources and conditions.
Workspace roles and access policies are specific to each workspace and you can create your own as needed. By default, Wayfinder includes global (platform-level) roles and access policies that are available in all workspaces and you cannot edit or delete them. You however have full control over the roles and access policies you create.
Visit the Managing User Access (Clusters) section for full details on how to administer roles and access policies in your workspace.