Part 2: User Management
This is Part 2 of a multi-part, self paced quick start exercise.
What Will You Do¶
In part 2, you will
- Add a new user (ideally a remote colleague or use a 2nd email address) to the newly created project with suitable access privileges
- Ask the user to login into the web console and experience how RBAC is automatically enforced for users with different roles
Estimated time burden for this part is 20 minutes.
- You have access to a colleague that is willing to participate or you have a second email address that you can use.
Step 1: New User¶
In this step, you will add a new user to the newly created project from the previous part.
- Click on Home -> System -> Users
- Click on New User
- Enter a valid email address for the new user, the first name, last name and Save
At this point, an activation email would have been sent to the specified email address with instructions on how to access the Org. But, since the user has not be configured with any roles and permissions, they will not be access anything useful.
Step 2: Configure Roles¶
In this step, you will configure roles for the new user created in the prior step.
- Under Home -> System -> Users, search for the user by their email address.
- Edit User and click on the Project tab (Note that the user has not been assigned to any project yet)
- Select the "desktop" project and select "Infrastructure Admin" role.
With this role, we will implement separation of duties by authorizing this user to manage the infrastructure (i.e. cluster), but block them from being able to manage the lifecycle of k8s workloads.
- Verify the user's role assignments
As you can see, this user only has access to the "desktop" project with an "Infrastructure Admin" role.
Step 3: New User Login¶
- Login to your Org as the new user
You will notice that as we configured in the prior step, the new user can only access the "desktop" project. In addition, this user can only view and access Infrastructure related functionality. Users with this role will not have access to Applications, GitOps pipelines etc.
Clicking on the "desktop" project will take the user to the underlying resources in the project. But, notice that this user can only view Infrastructure resources and will have a different view of the desktop project relative to the Org Admin user.
Congratulations! In this part, you
- Added a new user to your Org
- Configured the new user with limited access privileges to the desktop project