Permissions You can assign permissions individually to groups. This applies for generel permission for access your products and project in the NWS Customer Interface and for product specific permissions like access to APIs, e.g. the Openstack API. Generel Permissions You can grant the following permissions to groups for accessing your projects in the NWS Customer Interface. Permissions Access: can view the product in the NWS Customer Interface. Manage: can change the product settings, resource and other. For example, restart an app, create or delete a virtual machine, upgrade a kubernetes cluster Destroy: can delete the product and recall the contract. Billing: can view and download the bills which have been issued. Openstack You can grant the following Openstack Roles to groups which allows the group members to use the Openstack APIs and the Openstack Webinterface . Roles Member: can create, change and delete resources Reader: can list and show resources The reader role is not yet available! If a group's access rights to an OpenStack project are revoked, the members of the group can continue to access the project for up to 8 hours in their active session.   Kubernetes You can grant the following Kubernetes Roles to groups which allows the group members to use the Kubernetes API. Please note that these rights relate to all clusters in the Kubernetes project. Roles Admin: can create, change, and delete resources  Reader: can list and show all resources Have a look at the clusterrole cluster-admin and  view for all details, e.g. kubectl get clusterrole view -o yaml Get an overview of your permissions with kubectl auth can-i --list