Cluster Resource Filter
The page guides you on how to create a Palette Resource Filter and add these filters to the users to establish cluster access restrictions.
Create Resource Filter
You must create a Resource Filter in Palette to establish user-based access restrictions to clusters across multiple projects. The resource filters are created under the scope of Tenant Admin. To create a resource filter, follow the steps below:
-
Log in to Palette as Tenant Admin and go to Tenant Settings from the left Main Menu.
-
Select Filters tab and click +New Resource Filter.
-
To the Create New Filter wizard give the following information:
-
Filter Name: A custom name for the tag filter.
-
A filter expression. Use the following table to familiarize yourself with the filter expression format:
Conjunction Property Operator Tag-Value and Tag is Custom tag value or Tag is Custom tag value and Tag is not Custom tag value or Tag is not Custom tag value
- Click the Confirm button to complete the filter creation wizard.
Note: The tags are case-sensitive.
Validate
Upon creating a filter, a display message will pop up to confirm the successful creation of the tag. You can also use the following steps to review the filter is available for use.
-
Navigate to the left Main Menu and click on Tentant Settings.
-
Access the Manage Filters page to find the filter name listed.
-
You can Edit and Delete filters by clicking on the three-dot Menu at the end of the row.
Add Resource Role
You can assign the resource filter created, in combination with roles, to a user to enforce access restriction. Palette provisions two types of roles:
-
Palette Global Roles, the set of roles that are available in Palette by default.
-
Custom Resource Roles, can be generated according to your requirements from the available set of permissions and operations.
Prerequisites
- A Palette account with Tenant scope privileges.
- A user created to assign the resource privileges.
To assign the resource roles and filter to the user follow the below steps:
-
Log in to Palette as Tenant Admin
-
Select the user to be assigned with a role from the Users & Teams from the left Main Menu to go to User Details.
-
From the user details wizard, select Resource Roles Tab and click + New Resource Role.
-
In the Add Roles to User wizard, enter the following details:
- Projects: The projects to which the user is assigned.
- Filers: Select the filters to be assigned from the drop-down. The Filters created will be displayed in the drop-down menu.
- Select the check box to assign the roles to the user from the list displayed. These are Palette built-in roles.
- Click Confirm to complete the Add Role wizard.
Remove or Edit the Role
To remove or edit an attached role:
-
Log in to Palette as Tenant Admin
-
From the left Main Menu click on Users & Teams. This will take you to the User Details page.
-
From the Resource Roles tab, click the three-dot menu towards the role name.
-
Click Edit or Remove option from the drop-down menu.
Validate
Upon creating a filter, a display message will pop up to confirm the successful role assignment. You can also use the following steps to review the roles created:
-
Navigate to the left Main Menu and click on Clusters.
-
This page will list all the clusters to which the user has access based on the filter created. You need to switch to each project and view the accessible clusters.