You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API.
You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface.
- Access: can view the product in the NWS Customer Interface.
- Manage: can change the product settings, resource and other. For example, restart an app, create or delete a virtual machine, upgrade a kubernetes cluster
- Destroy: can delete the product and recall the contract.
- Billing: can view and download the bills which have been issued.
You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the Openstack Webinterface
- Member: can create, change and delete resources
- Reader: can list and show resources
The reader role is not yet available!
You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project.
- Admin: can create, change, and delete resources
- Reader: can list and show all resources
Have a look at the clusterrole cluster-admin and view for all details, e.g. kubectl get clusterrole view -o yaml
Get an overview of your permissions with kubectl auth can-i --list