From b6c47e67b541e6d237bc04aeb8523e8e54dd4ac8 Mon Sep 17 00:00:00 2001 From: Aleksandar Petreski Date: Mon, 25 May 2020 20:43:34 +0200 Subject: [PATCH] Add missing User-Base Global Permission As rancher list the following global permissions: Administrator Administrators have full control over the entire installation and all resources in all clusters. Standard User Standard Users can create new clusters and manage clusters and projects they have been granted access to. User-Base User-Base users have login-access only. if i understand correctly the concept i think that this should be reflected in the Readme file as well. --- .../rbac/global-permissions/_index.md | 36 ++++++++++--------- 1 file changed, 19 insertions(+), 17 deletions(-) diff --git a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md index 123a11ea5e1..036abcc3181 100644 --- a/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md +++ b/content/rancher/v2.x/en/admin-settings/rbac/global-permissions/_index.md @@ -5,12 +5,14 @@ weight: 1126 _Permissions_ are individual access rights that you can assign when selecting a custom permission for a user. -Global Permissions define user authorization outside the scope of any particular cluster. Out-of-the-box, there are two default global permissions: `Administrator` and `Standard User`. +Global Permissions define user authorization outside the scope of any particular cluster. Out-of-the-box, there are three default global permissions: `Administrator`, `Standard User` and `User-base`. - **Administrator:** These users have full control over the entire Rancher system and all clusters within it. - **Standard User:** These users can create new clusters and use them. Standard users can also assign other users permissions to their clusters. +- **User-Base:** User-Base users have login-access only. + You cannot update or delete the built-in Global Permissions. This section covers the following topics: @@ -63,22 +65,22 @@ Administrators can enforce custom global permissions in multiple ways: ### Custom Global Permissions Reference -The following table lists each custom global permission available and whether it is included in the default global permissions, `Administrator` and `Standard User`. +The following table lists each custom global permission available and whether it is included in the default global permissions, `Administrator`, `Standard User` and `User-Base`. -| Custom Global Permission | Administrator | Standard User | -| ---------------------------------- | ------------- | ------------- | -| Create Clusters | ✓ | ✓ | -| Create RKE Templates | ✓ | ✓ | -| Manage Authentication | ✓ | | -| Manage Catalogs | ✓ | | -| Manage Cluster Drivers | ✓ | | -| Manage Node Drivers | ✓ | | -| Manage PodSecurityPolicy Templates | ✓ | | -| Manage Roles | ✓ | | -| Manage Settings | ✓ | | -| Manage Users | ✓ | | -| Use Catalog Templates | ✓ | ✓ | -| User Base\* (Basic log-in access) | ✓ | ✓ | +| Custom Global Permission | Administrator | Standard User | User-Base | +| ---------------------------------- | ------------- | ------------- |-----------| +| Create Clusters | ✓ | ✓ | | +| Create RKE Templates | ✓ | ✓ | | +| Manage Authentication | ✓ | | | +| Manage Catalogs | ✓ | | | +| Manage Cluster Drivers | ✓ | | | +| Manage Node Drivers | ✓ | | | +| Manage PodSecurityPolicy Templates | ✓ | | | +| Manage Roles | ✓ | | | +| Manage Settings | ✓ | | | +| Manage Users | ✓ | | | +| Use Catalog Templates | ✓ | ✓ | | +| User Base\* (Basic log-in access) | ✓ | ✓ | | > \*This role has two names: > @@ -169,4 +171,4 @@ To refresh group memberships, 1. From the **Global** view, click **Security > Users.** 1. Click **Refresh Group Memberships.** -**Result:** Any changes to the group members' permissions will take effect. \ No newline at end of file +**Result:** Any changes to the group members' permissions will take effect.