Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within an enterprise. In this context, access is the ability of an individual user to perform a specific task, such as viewing, creating, or modifying a file. Permissions are the rules associated with objects that specify which users can access the object and what operations they can perform.
RBAC
Name | Policy | Description | Requirements |
---|---|---|---|
policy.entity.read | read | Allows the user to read permission policies / roles | X |
policy.entity.create | create | Allows the user to create permission policies / roles | X |
policy.entity.update | update | Allows the user to update permission policies / roles | X |
policy.entity.delete | delete | Allows the user to delete permission policies / roles | X |
Scaffolder
Name | Policy | Description | Requirements |
---|---|---|---|
scaffolder.action.execute | | Allows the execution of an action from a template | scaffolder.template.parameter.read, scaffolder.template.step.read |
scaffolder.template.parameter.read | read | Allows the user to read parameters of a template | scaffolder.template.step.read |
scaffolder.template.step.read | read | Allows the user to read steps of a template | scaffolder.template.parameter.read |
scaffolder.task.read | read | | X |
scaffolder.task.create | create | | X |
scaffolder.task.cancel | use | | X |
Catalog
Name | Policy | Description | Requirements |
---|---|---|---|
catalog.entity.read | read | Allows the user to read from the catalog | X |
catalog.entity.create | create | Allows the user to create catalog entities | catalog.location.create |
catalog.entity.refresh | update | Allows the user to refresh one or more catalog entities | catalog.entity.read |
catalog.entity.delete | delete | Allows the user to delete one or more catalog entities | catalog.entity.read |
catalog.location.read | read | Allows the user to read one or more catalog locations | catalog.entity.read |
catalog.location.create | create | Allows the user to create one or more catalog locations | catalog.entity.create |
catalog.location.delete | delete | Allows the user to delete one or more catalog locations | catalog.entity.delete |
Name | Policy | Description | Requirements |
---|---|---|---|
admin.access.read | read | | X |
apiManagement.access.read | read | | X |
cluster.explorer.public.environment.read | read | Show Cluster Environment | X |
cluster.explorer.read | read | Show Cluster View | X |
github.workflows.create | create | Start new GitHub workflow | X |
github.workflows.read | read | Show GitHub workflow | X |
gitlab.pipelines.create | create | Start new GitLab workflow | X |
gitlab.pipelines.read | read | Show GitLab workflow | X |
kong.service.manager.create | create | Configure Plugins | X |
kong.service.manager.delete | delete | Remove Plugins | X |
kong.service.manager.read | read | Visualize | X |
kong.service.manager.update | update | Update Plugins | X |
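
The Requirements column of the Scaffolder and Catalog tables can be checked mechanically before a role is saved, so that a role never grants a permission without the ones it depends on. The Python below is an added example, not code from the product: it assumes requirements apply transitively, and the role names and permission sets are constructed.

```python
# Requirements column of the Scaffolder and Catalog tables ("X" = none, omitted).
REQUIRES = {
    "scaffolder.action.execute": {
        "scaffolder.template.parameter.read",
        "scaffolder.template.step.read"},
    "scaffolder.template.parameter.read": {"scaffolder.template.step.read"},
    "scaffolder.template.step.read": {"scaffolder.template.parameter.read"},
    "catalog.entity.create": {"catalog.location.create"},
    "catalog.entity.refresh": {"catalog.entity.read"},
    "catalog.entity.delete": {"catalog.entity.read"},
    "catalog.location.read": {"catalog.entity.read"},
    "catalog.location.create": {"catalog.entity.create"},
    "catalog.location.delete": {"catalog.entity.delete"},
}

def required_closure(permission):
    """Every permission reachable through Requirements (assumed transitive)."""
    seen, stack = set(), [permission]
    while stack:
        for dep in REQUIRES.get(stack.pop(), ()):
            if dep not in seen:  # guards against the mutual requirements
                seen.add(dep)
                stack.append(dep)
    seen.discard(permission)  # a permission does not require itself
    return seen

def missing_requirements(granted):
    """Map each granted permission to the requirements the role lacks."""
    granted = set(granted)
    report = {}
    for perm in sorted(granted):
        missing = required_closure(perm) - granted
        if missing:
            report[perm] = sorted(missing)
    return report

# Constructed sample roles (hypothetical names and grants).
ROLES = {
    "role:default/catalog-writer": ["catalog.entity.read", "catalog.entity.create"],
    "role:default/cleanup": ["catalog.location.delete"],
    "role:default/template-user": [
        "scaffolder.action.execute",
        "scaffolder.template.parameter.read",
        "scaffolder.template.step.read"],
}

if __name__ == "__main__":
    for role, perms in ROLES.items():
        print(role, missing_requirements(perms) or "OK")
```

The two pairs that require each other (`catalog.entity.create` with `catalog.location.create`, and the two `scaffolder.template.*.read` permissions) only pass the check when granted together.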