Skip to content

Part 2: User Management

This is Part 2 of a multi-part, self paced quick start exercise.

What Will You Do

In part 2, you will

  • Add a new user (ideally a remote colleague or use a 2nd email address) to the newly created project with suitable access privileges
  • Ask the user to login into the web console and experience how RBAC is automatically enforced for users with different roles

Estimated Time

Estimated time burden for this part is 20 minutes.

Assumptions

  • You have access to a colleague that is willing to participate or you have a second email address that you can use.

Step 1: New User

In this step, you will add a new user to the newly created project from the previous part.

  • Click on Home -> System -> Users
  • Click on New User
  • Enter a valid email address for the new user, the first name, last name and Save

New User

At this point, an activation email would have been sent to the specified email address with instructions on how to access the Org. But, since the user has not be configured with any roles and permissions, they will not be access anything useful.

Step 2: Configure Roles

In this step, you will configure roles for the new user created in the prior step.

  • Under Home -> System -> Users, search for the user by their email address.

Search For User

  • Edit User and click on the Project tab (Note that the user has not been assigned to any project yet)

Edit User

  • Select the "desktop" project and select "Infrastructure Admin" role.

With this role, we will implement separation of duties by authorizing this user to manage the infrastructure (i.e. cluster), but block them from being able to manage the lifecycle of k8s workloads.

Add Role

  • Verify the user's role assignments

As you can see, this user only has access to the "desktop" project with an "Infrastructure Admin" role.

Verify Role

Step 3: New User Login

  • Login to your Org as the new user

You will notice that as we configured in the prior step, the new user can only access the "desktop" project. In addition, this user can only view and access Infrastructure related functionality. Users with this role will not have access to Applications, GitOps pipelines etc.

Infra Admin User

Clicking on the "desktop" project will take the user to the underlying resources in the project. But, notice that this user can only view Infrastructure resources and will have a different view of the desktop project relative to the Org Admin user.

Project View Infra Admin

Recap

Congratulations! In this part, you

  • Added a new user to your Org
  • Configured the new user with limited access privileges to the desktop project