Palette Global and Custom Resource Roles

Palette support two types of resource roles, global resource roles and custom resource roles:

Global Resource Roles are a set of roles built in and available to you.
Custom Resource Roles, are roles you can create in Palette using a set of permissions and operations.

To learn how to create a custom role. Review the Create Custom Role guide.

Palette Global Resource Roles

Palette provides the following built-in global resource roles:

Cluster
- Resource Cluster Admin
- Resource Cluster Editor
- Resource Cluster Viewer
Cluster Profile
- Resource Cluster Profile Admin
- Resource Cluster Profile Editor
- Resource Cluster Profile Viewer

Cluster

Role Names	Description
Resource Cluster Admin	A cluster admin in Project scope has all the privileges related to cluster operation
Resource Cluster Editor	A cluster editor in Project scope has the privileges to update, delete,get and list cluster resources. This role is not privileged for cluster creation
Resource Cluster Viewer	A cluster viewer in Project scope is a read-only privilege to cluster operations

Resource Cluster Admin
Resource Cluster Editor
Resource Cluster Viewer

Resource Cluster Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Import
cloudaccount			√	√
cloudconfig	√	√	√	√	√
cluster	√	√	√	√	√	√
clusterProfile	√	√
clusterRbac	√	√	√	√	√
dnsMapping	√	√	√	√	√
edgehost	√	√	√	√	√
location	√	√	√	√	√
machine	√	√	√	√	√
macro	√	√	√	√	√
packRegistry	√	√
privateGateway	√	√
sshKey	√	√	√	√	√

Resource Cluster Editor

resourceKeys

Operations

	Delete	Get	List	Update
cloudaccount		√	√
cloudconfig		√	√	√
cluster		√	√	√
clusterProfile		√	√
clusterRbac		√	√	√
dnsMapping		√	√	√
edgehost		√	√	√
location		√	√	√
machine	√	√	√	√
macro		√	√	√
packRegistry		√	√
privateGateway		√	√
sshKey		√	√	√

Resource Cluster Viewer

resourceKeys

Operations

	Get	List
cloudaccount	√	√
cloudconfig	√	√
cluster	√	√
clusterProfile	√	√
clusterRbac	√	√
dnsMapping	√	√
edgehost	√	√
location	√	√
machine	√	√
macro	√	√
packRegistry	√	√
privateGateway	√	√
sshKey	√	√

Cluster Profile

The user with these permissions can manage the Cluster Profiles within a project.

Role Names	Description
Cluster Profile Admin	Cluster Profile Admin role has admin privileges to all the cluster profile operations
Cluster Profile Editor	Cluster Profile Editor role has privileges to edit and list operations on the cluster profile
Cluster Profile Viewer	Cluster Profile Viewer role has read-only privileges to cluster profiles

Resource Cluster Profile Admin
Resource Cluster Profile Editor
Resource Cluster Profile Viewer

Resource Cluster Profile Admin

resourceKeys

Operations

	Create	Delete	Get	List	Update	Publish
clusterProfile	√	√	√	√	√	√
macro	√	√	√	√	√
packRegistry	√	√

Palette Custom Resource Roles

The following is a list of platform permissions and operations supported by Palette. Use these permissions to create custom role to control the cluster access. For every Resource Keys available operations can be added as per your requirements.

List of Custom Permissions

resourceKeys

Operations

	Delete	Get	List	Update	Publish
cloudaccount		√	√
cloudconfig	√	√	√	√
cluster	√	√	√	√
clusterProfile	√	√	√	√	√
dnsMapping		√	√
location		√	√
machine		√	√
macro		√	√
packRegistry		√	√

Resources

Resource Scope Matrix

Palette Global Resource Roles​

Cluster​

Resource Cluster Admin​

Resource Cluster Editor​

Resource Cluster Viewer​

Cluster Profile​

Resource Cluster Profile Admin​

Resource Cluster Profile Editor​

Resource Cluster Profile Viewer​

Palette Custom Resource Roles​

List of Custom Permissions​

Resources​

Palette Global Resource Roles

Cluster

Resource Cluster Admin

Resource Cluster Editor

Resource Cluster Viewer

Cluster Profile

Resource Cluster Profile Admin

Resource Cluster Profile Editor

Resource Cluster Profile Viewer

Palette Custom Resource Roles

List of Custom Permissions

Resources