Describe KKP user and admin privileges

kubermatic / docs

Documentation for Kubermatic projects

https://docs.kubermatic.com/

Other

15 stars 105 forks source link

Describe KKP user and admin privileges #1362

Open csengerszabo opened 1 year ago

csengerszabo commented 1 year ago

We have to create a clear and appropriate table of the possible actions and privileges of a KKP user and admin somewhere over here in the docs: https://docs.kubermatic.com/kubermatic/main/architecture/role-based-access-control/

vgramer commented 1 year ago

Just to clarify, This ticket has to explain the difference between a KKP user and KKP admin (basically same right as an owner on all projects and can edit Kubermatic settings c.f. https://docs.kubermatic.com/kubermatic/main/tutorials-howtos/administration/admin-panel/)

Rework the existing RBAC to list all possible actions: something like this:

	Viewer	editor	Owner
cluster	RO	RW	RW
cluster nodes (machineDeployment)	RO	RW	RW
addons	RO	RW	RW
project's member	X	X	RW

(to be completed)

csengerszabo commented 1 year ago

basically same right as an owner on all projects

Unfortunately this part is currently seem not to be true, and admin privileges are said to be inconsistent. That is why we need to do an anaylsis over what actions the admins can do now exactly. And then the next step would be a proposal to make the privileges of the 2 roles consistent to this basic principle.