mirror of
https://github.com/rancher/rancher-docs.git
synced 2026-05-06 05:03:27 +00:00
Marty Hernandez Avedon
27 lines
1.3 KiB
Markdown
27 lines
1.3 KiB
Markdown
---
|
|
title: Role-based Access Control for Logging
|
|
---
|
|
|
|
<head>
|
|
<link rel="canonical" href="https://ranchermanager.docs.rancher.com/integrations-in-rancher/logging/rbac-for-logging"/>
|
|
</head>
|
|
|
|
Rancher logging has two roles, `logging-admin` and `logging-view`.
|
|
|
|
- `logging-admin` gives users full access to namespaced `Flows` and `Outputs`
|
|
- `logging-view` allows users to *view* namespaced `Flows` and `Outputs`, and `ClusterFlows` and `ClusterOutputs`
|
|
|
|
:::note Why choose one role over the other?
|
|
|
|
Edit access to `ClusterFlow` and `ClusterOutput` resources is powerful. Any user with it has edit access for all logs in the cluster.
|
|
|
|
:::
|
|
|
|
In Rancher, the cluster administrator role is the only role with full access to all `rancher-logging` resources. Cluster members are not able to edit or read any logging resources. Project owners and members have the following privileges:
|
|
|
|
Project Owners | Project Members
|
|
--- | ---
|
|
able to create namespaced `Flows` and `Outputs` in their projects' namespaces | only able to view the `Flows` and `Outputs` in projects' namespaces
|
|
can collect logs from anything in their projects' namespaces | cannot collect any logs in their projects' namespaces
|
|
|
|
Both project owners and project members require at least *one* namespace in their project to use logging. If they do not, then they may not see the logging button in the top nav dropdown. |