Skip to main content

Permissions

You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API.

Generel Permissions

You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface.

Permissions

  • Access: can view the product in the NWS Customer Interface.
  • Manage: can change the product settings, resource and other. For example, restart an app, create or delete a virtual machine, upgrade a kubernetes cluster
  • Destroy: can delete the product and recall the contract.
  • Billing: can view and download the bills which have been issued.

Openstack

You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the Openstack Webinterface.

Roles

  • Member: can create, change and delete resources
  • Reader: can list and show resources

The reader role is not yet available!

If a group's access rights to an OpenStack project are revoked, the members of the group can continue to access the project for up to 8 hours in their active session.  

Kubernetes

You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project.

Roles

  • Admin: can create, change, and delete resources 
  • Reader: can list and show all resources

Have a look at the clusterrole cluster-admin and view for all details, e.g. kubectl get clusterrole view -o yaml

Get an overview of your permissions with kubectl auth can-i --list