adding instructions on how to lock/unlock a role.

Mark Bishop
2018-06-07 22:46:02 -07:00
parent 5fcad4154b
commit a351f7fb92
2 changed files with 26 additions and 15 deletions

@@ -196,7 +196,7 @@ _Project roles_ are roles that can be used to grant users access to a project. T
##### Custom Project Roles
Rancher lets you assign _custom project roles_ to a user instead of the typical `Owner`, `Member`, or `Read Only` roles. These roles can be either a built-in custom project roles or one defined by a Rancher administrator. They are convenient for defining narrow or specialized access for a user within a project. See the table below for a list of built-in custom project roles.
Rancher lets you assign _custom project roles_ to a user instead of the typical `Owner`, `Member`, or `Read Only` roles. These roles can be either a built-in custom project role or one defined by a Rancher administrator. They are convenient for defining narrow or specialized access for a user within a project. See the table below for a list of built-in custom project roles.
##### Project Role Reference
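Review bot: The corrected sentence in "Custom Project Roles" still mixes number: "These roles can be either a built-in custom project role or one defined by a Rancher administrator" pairs a plural subject with singular alternatives. Suggest "Each of these roles is either a built-in custom project role or one defined by a Rancher administrator."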

@@ -23,35 +23,46 @@ While Rancher comes out-of-the-box with a set of default user roles, you can als
3. **Name** the role.
4. Assign the role a **Context**. Context determines the scope of permissions assigned to the user. The contexts are:
4. Choose whether to set the role to a status of [locked]({{< baseurl >}}/rancher/v2.x/en/concepts/global-configuration/#locked-roles).
Locked roles cannot be assigned to users.
For example, if you want to test a role before widespread implementation, you should lock the role.
5. Assign the role a **Context**. Context determines the scope of role assigned to the user. The contexts are:
- **All**
The user can use their assigned permissions regardless of context. The user's permissions are valid in all clusters and projects.
The user can use their assigned role regardless of context. The user's role are valid in all clusters and projects.
- **Cluster**
The user can use their assigned permissions within a selected cluster.
The user can use their assigned role within a selected cluster.
- **Project**
The user can use their assigned permissions within a selected project.
The user can use their assigned role within a selected project.
5. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role.
6. Use the **Grant Resources** options to assign individual [Kubernetes API endpoints](https://kubernetes.io/docs/reference/) to the role.
You can also choose the individual cURL methods (`Create`, `Delete`, `Get`, etc.) available for use with each endpoint you assign.
6. Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles.
7. Use the **Inherit from a Role** options to assign individual Rancher roles to your custom roles.
7. Click **Create**.
8. Click **Create**.
## Locking/Unlocking Roles
If you want to prevent a role from being assigned to users, you can set it to a status of `locked`. For more information about what this status means, see [Locked Roles]({{< baseurl >}}/rancher/v2.x/en/concepts/global-configuration/#locked-roles).
You can lock roles in two contexts:
- When you're [adding a custom role](#adding-a-custom-role).
- When you editing an existing role (see below).
Locking/Unlocking Roles
1. From the **Global** view, select **Security** > **Roles**.
When creating a role , "Locked" field is preselected to "No" which means the role is unlocked and is available to be assigned to users.
Users can choose to lock roles by choosing "Yes" for "Locked" field when creating Roles. When roles are locked , they will be not be available in the
set of roles that can be assigned to users.
Existing roles can also be locked/unlocked by editing the role and setting the locked field to "Yes/No".
2. From the role that you want to lock (or unlock), select **Vertical Ellipsis (...)** > **Edit**.
3. From the **Locked** option, choose the **Yes** or **No** radio button. Then click **Save**.
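Review bot: The new step 4 and the rewritten "Locking/Unlocking Roles" section drop the default that the removed paragraph documented, namely that the Locked field is preselected to No, so a newly created role is assignable unless the administrator locks it. Please restate that in step 4, since the step now recommends locking a role while it is being tested. The added text also says only that locked roles cannot be assigned to users and does not say what happens to users who already hold a role when it is locked through the Edit procedure; state that behaviour here or confirm that the linked Locked Roles section covers it. Two wording fixes in the added lines: "The user's role are valid in all clusters and projects" should read "The user's role is valid", and "When you editing an existing role" is missing "are".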