Warning
This page was translated from the original Japanese version by PLaMo Translate. The Japanese version is authoritative; the English translation may contain inaccuracies.
Roles in PFCP
This section describes the available roles within PFCP and the operations permitted for each role.
Role Types
PFCP supports two primary role types: Organization Administrator and Regular User.
Organization Administrator
- Has full administrative privileges over all operations within their organization.
- Possesses equivalent
adminpermissions to the Kubernetes standard roles for the root namespace and all sub-namespaces of the Kubernetes cluster.
Regular User
- Can utilize the Kubernetes cluster associated with their organization.
- Has equivalent
editpermissions to the Kubernetes standard roles for the root namespace of the Kubernetes cluster. - By default, has no permissions for sub-namespaces. Additional permissions must be granted through RoleBindings.
- Cannot perform user management operations.
Operation Summary
Cluster Usage
| Operation | Organization Administrator | Regular User |
|---|---|---|
| Kubernetes CLI setup | o | o |
| [Kubernetes resource operations] | ||
| Root namespace: Equivalent to admin 1 in Kubernetes standard roles | o | |
| Root namespace: Equivalent to edit 2 in Kubernetes standard roles | o | o |
| Sub-namespace: Equivalent to admin 1 in Kubernetes standard roles | o | |
| Sub-namespace: Permissions granted individually via RoleBinding | N/A | o3 |
| Creation/deletion of sub-namespaces | o | |
| Checking resource quotas | o | o |
User Management
| Operation | Organization Administrator | Regular User |
|---|---|---|
| Inviting/deleting users | o | |
| Changing user permissions | o | |
| Creating/deleting user groups | o | |
| Adding/removing users to/from user groups | o | |
| Creating/deleting integrations with external identity providers | o |
-
Unlike standard Kubernetes
adminroles, certain resource permissions have been modified to remove some privileges while adding permissions for custom resources used by PFCP. This role is defined through theorg-adminClusterRole. For detailed permission specifications, please refer to the documentation pages for each resource. ↩ ↩2 -
Similar to
org-admin, these permissions differ partially from standard Kuberneteseditroles. They are defined through theorg-editClusterRole. For detailed permission specifications, please refer to the documentation pages for each resource. ↩ -
The granted permissions vary depending on the Role associated with RoleBindings. For detailed information on RoleBindings, please refer to Permission Configuration (RBAC). ↩