
RBAC Permissions

Role-Based Access Control (RBAC) is a method of managing access to system resources based on user roles. Instead of assigning permissions directly to individual users, roles are created with predefined permissions, and users are assigned to these roles. This approach simplifies permission management and enhances security by reducing the risk of unauthorized access.

Each permission in the RBAC system is structured as follows:

  • Name: Identifier of the permission.
  • Policy: The action allowed by the permission (e.g., read, create, update, delete).
  • Description: Explanation of what the permission allows.
  • Requirements: Other permissions that must also be granted for this permission to take effect (an X in the tables below means the permission has no dependency).

1. RBAC Policies

| Name | Policy | Description | Requirements |
|------|--------|-------------|--------------|
| policy.entity.read | read | Allows the user to read permission policies/roles | X |
| policy.entity.create | create | Allows the user to create permission policies/roles | X |
| policy.entity.update | update | Allows the user to update permission policies/roles | X |
| policy.entity.delete | delete | Allows the user to delete permission policies/roles | X |

2. Scaffolder Permissions

| Name | Policy | Description | Requirements |
|------|--------|-------------|--------------|
| scaffolder.action.execute | - | Allows execution of an action from a template | scaffolder.template.parameter.read, scaffolder.template.step.read |
| scaffolder.template.parameter.read | read | Allows reading parameters of a template | scaffolder.template.step.read |
| scaffolder.template.step.read | read | Allows reading steps of a template | scaffolder.template.parameter.read |
| scaffolder.task.read | read | Allows reading scaffolder tasks | X |
| scaffolder.task.create | create | Allows creating scaffolder tasks | X |
| scaffolder.task.cancel | use | Allows canceling scaffolder tasks | X |

3. Catalog Permissions

| Name | Policy | Description | Requirements |
|------|--------|-------------|--------------|
| catalog.entity.read | read | Allows reading from the catalog | X |
| catalog.entity.create | create | Allows creating catalog entities | catalog.location.create |
| catalog.entity.refresh | update | Allows refreshing one or more catalog entities | catalog.entity.read |
| catalog.entity.delete | delete | Allows deleting one or more catalog entities | catalog.entity.read |
| catalog.location.read | read | Allows reading catalog locations | catalog.entity.read |
| catalog.location.create | create | Allows creating catalog locations | catalog.entity.create |
| catalog.location.delete | delete | Allows deleting catalog locations | catalog.entity.delete |

4. Platform Permissions

| Name | Policy | Description | Requirements |
|------|--------|-------------|--------------|
| admin.access.read | read | Allows reading admin access data | X |
| apiManagement.access.read | read | Allows reading API management data | X |
| cluster.explorer.public.environment.read | read | Allows viewing cluster environment | X |
| cluster.explorer.read | read | Allows viewing cluster details | X |
| github.workflows.create | create | Allows starting a GitHub workflow | X |
| github.workflows.read | read | Allows viewing GitHub workflows | X |
| gitlab.pipelines.create | create | Allows starting a GitLab pipeline | X |
| gitlab.pipelines.read | read | Allows viewing GitLab pipelines | X |
| kong.service.manager.create | create | Allows configuring plugins | X |
| kong.service.manager.delete | delete | Allows removing plugins | X |
| kong.service.manager.read | read | Allows viewing plugins | X |
| kong.service.manager.update | update | Allows updating plugins | X |
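The Requirements column above forms a dependency graph, and some of its edges are mutual (scaffolder.template.parameter.read and scaffolder.template.step.read require each other; catalog.entity.create and catalog.location.create likewise). A role that grants a permission without its requirements will not behave as intended, so it is worth checking role definitions against the tables. The following is an added example, not code from the platform documented here: it transcribes a subset of the tables as data, computes the transitive closure of requirements with cycle protection, and reports which dependencies a role is missing. The permission names and requirements come from the tables; the function names and the `Permission` type are assumptions made for this example.

```typescript
// Added example, not the platform's own code: audit a role's granted
// permissions against the Requirements column of the tables above.

type Permission = {
  name: string;
  policy: string;      // "-" where the table lists no policy
  requires: string[];  // empty where the table shows X
};

// Subset of the permission tables on this page, transcribed as data.
const PERMISSIONS: Permission[] = [
  { name: "scaffolder.action.execute", policy: "-",
    requires: ["scaffolder.template.parameter.read", "scaffolder.template.step.read"] },
  { name: "scaffolder.template.parameter.read", policy: "read",
    requires: ["scaffolder.template.step.read"] },
  { name: "scaffolder.template.step.read", policy: "read",
    requires: ["scaffolder.template.parameter.read"] },
  { name: "scaffolder.task.read", policy: "read", requires: [] },
  { name: "catalog.entity.read", policy: "read", requires: [] },
  { name: "catalog.entity.create", policy: "create", requires: ["catalog.location.create"] },
  { name: "catalog.entity.delete", policy: "delete", requires: ["catalog.entity.read"] },
  { name: "catalog.location.create", policy: "create", requires: ["catalog.entity.create"] },
  { name: "catalog.location.delete", policy: "delete", requires: ["catalog.entity.delete"] },
];

const BY_NAME = new Map<string, Permission>(
  PERMISSIONS.map(p => [p.name, p] as [string, Permission]),
);

// Transitive closure of a permission's requirements, excluding the permission
// itself. The visited set makes the mutual dependencies in the tables
// (parameter.read <-> step.read, entity.create <-> location.create) terminate.
function requiredClosure(name: string): Set<string> {
  const seen = new Set<string>();
  const stack: string[] = [name];
  while (stack.length > 0) {
    const current = stack.pop() as string;
    if (seen.has(current)) continue;
    seen.add(current);
    const perm = BY_NAME.get(current);
    if (!perm) throw new Error(`unknown permission: ${current}`);
    for (const dep of perm.requires) stack.push(dep);
  }
  seen.delete(name);
  return seen;
}

// Given the permissions explicitly granted to a role, return the required
// permissions that are not granted. An empty result means the role is
// self-consistent with respect to the Requirements column.
function missingRequirements(granted: string[]): string[] {
  const have = new Set<string>(granted);
  const missing = new Set<string>();
  for (const g of granted) {
    requiredClosure(g).forEach(dep => {
      if (!have.has(dep)) missing.add(dep);
    });
  }
  return Array.from(missing).sort();
}

// Constructed role definitions used as sample input.
const incompleteRole = ["scaffolder.action.execute", "scaffolder.template.step.read"];
const completeRole = ["catalog.location.delete", "catalog.entity.delete", "catalog.entity.read"];

console.log("missing for incompleteRole:", missingRequirements(incompleteRole));
console.log("missing for completeRole:", missingRequirements(completeRole));
```

Running the block prints the single missing dependency for the first role (scaffolder.template.parameter.read) and an empty list for the second. The same check can be applied to every role before it is deployed, so that a permission is never granted without the dependencies the tables require.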