Devtron K8s Dashboard
  • Getting Started
    • Overview of Dashboard
    • Prerequisites
    • Install Modern Kubernetes Dashboard
  • User Guide
    • Explore Kubernetes Resources
      • Overview Page
      • Discover and Manage Resources
      • Nodes and Operations
      • Pod Management and Debugging
      • Cluster Terminal
      • Add Monitoring Dashboards/Graphs
      • Run Kubectl Commands Locally
    • Use Resource Watcher
    • Manage Helm Apps
    • Manage Argo CD Apps
    • Manage Flux CD Apps
    • Chart Store
      • Examples
        • Deploying MySQL Helm Chart
        • Deploying MongoDB Helm Chart
  • Operator Guide
    • Projects
    • Clusters
    • OCI Registry
    • Chart Repositories
    • Manage Authorization (RBAC)
      • SSO Login Services
        • Google
        • GitHub
        • GitLab
        • Microsoft
        • LDAP
        • OIDC
          • Keycloak
          • Okta
        • OpenShift
      • User Permissions
      • Permission Groups
      • API Tokens
    • External Links
    • Catalog Framework
    • Charts and Chart Store
    • Show/Hide Argo CD App Listing
    • Show/Hide Flux CD App Listing
    • Configure GUI Schema for Manifests
    • Configure Lock Schema for Manifests
  • Resources
    • Glossary
    • FAQ
Powered by GitBook
On this page
  • Add User
  • Assign Super admin permission
  • Assign Specific permissions
  • Edit User Permissions
Export as PDF
  1. Operator Guide
  2. Manage Authorization (RBAC)

User Permissions

PreviousOpenShiftNextPermission Groups

Last updated 6 months ago

Add User

To add a user, go to the Authorization > User Permissions section of Global Configurations. Click Add user.

There are two types of permissions in Devtron:

Permission Type
Description

Specific permissions

  • Helm Apps

  • Kubernetes Resources

Super admin permission

Assign Super admin permission

To assign a super admin access, go to the Authorization > User Permissions section of Global Configurations.

  • Click Add user.

  • Provide the email address of a user. You can add more than one email address. Please note that email address must be same as that in the email field in the JWT token returned by OIDC provider.

  • Select Super admin permission and click Save.

Note:

  • Only users with Super admin permission can assign super admin permissions to a user.

  • We suggest that super admin access must be given to the selected users only.

Assign Specific permissions

To assign a specific permission, go to the Authorization > User Permissions section of Global Configurations.

  • Click Add user.

  • Provide the email address of a user. You can add more than one email address. Please note that email address must be same as that in the email field in the JWT token returned by OIDC provider.

  • Select Specific permissions.

  • Select the group permission from the drop-down list, if required.

Helm Apps Permissions

In Helm Apps option, you can provide access to a user to manage permission for Helm apps deployed from Devtron or outside Devtron.

Provide the information in the following fields:

Registry Type
Credentials

Project

Select a project from the drop-down list to which you want to give permission to the user. You can select only one project at a time. Note: If you want to select more than one project, then click Add row.

Environment or cluster/namespace

Select the specific environment or all existing environments in default cluster from the drop-down list. Note: If you select all existing + future environments in default cluster option, then a user gets access to all the current environments including any new environment which gets associated with the application later.

Application

Select the specific application or all applications from the drop-down list corresponding to your selected Environments. Note: If All applications option is selected, then a user gets access to all the current applications including any new application which gets associated with the project later .

Role

  • View only

  • View & Edit

  • Admin

You can add multiple rows for Helm app permission.

Once you have finished assigning the appropriate permissions for the users, Click Save.

Kubernetes Resources Permissions

Note: Only super admin users will be able to see Kubernetes Resources tab and provide permission to other users to access Resource Browser.

To provide Kubernetes resource permission, click Add permission.

On the Kubernetes resource permission, provide the information in the following fields:

Registry Type
Credentials

Cluster

Select a cluster from the drop-down list to which you want to give permission to the user. You can select only one cluster at a time. Note: To add another cluster, then click Add another.

Namespace

Select the namespace from the drop-down list.

API Group

Select the specific API group or All API groups from the drop-down list corresponding to the K8s resource.

Kind

Select the kind or All kind from the drop-down list corresponding to the K8s resource.

Resource name

Select the resource name or All resources from the drop-down list to which you want to give permission to the user.

Role

  • View

  • Admin

Role-based Access Levels

Devtron supports the following levels of access:

  1. View only: User with View only access has the least privilege. This user can only view the combination of environments and helm charts whose access is granted to that user. This user cannot view sensitive data like secrets used in the charts.

  2. View and Edit: User with View and Edit access can view as well as edit the helm charts whose access is granted to that user.

  3. Admin: User with Admin access can create, edit, delete, and view permitted Helm apps in the permitted projects.

User Roles
View
Deploy
Edit
Delete

View Only

Yes

No

No

No

View and Edit

Yes

Yes

Yes

No

Admin

Yes

Yes

Yes

Yes

You can add multiple rows for Kubernetes resource permission.

Once you have finished assigning the appropriate permissions for the users, Click Save.

Edit User Permissions

You can edit the user permissions by clicking the edit icon.

Edit the user permissions.

After you have done editing the user permissions, click Save.

If you want to delete the user/users with particular permissions, click Delete.

Selecting option allows you to manage access and provide the accordingly for:

Selecting option will get full access to Devtron resources and the rest of the options will not be available.

A user now will have a access.

Selecting Specific permission option allows you to manage access and provide the accordingly for

Select one of the to which you want to give permission to the user:

In Kubernetes Resources option, you can provide permission to view, inspect, manage, and delete resources in your clusters from page in Devtron. You can also create resources from the Resource Browser.

Select one of the to which you want to give permission to the user and click Done:

Direct user permissions cannot be edited if you're using / for SSO and 'auto-assign permission' is enabled. Permissions can only be in such a scenario.

Resource Browser
Super admin
role-based access
Helm Apps
Kubernetes Resources
Specific permission
role-based access
Super admin permission
roles
roles
LDAP
Microsoft
managed via permission groups