Keyboard shortcuts

Press or to navigate between chapters

Press S or / to search in the book

Press ? to show this help

Press Esc to hide this help

Warning

This page was translated from the original Japanese version by PLaMo Translate. The Japanese version is authoritative; the English translation may contain inaccuracies.

Roles in PFCP

This section describes the available roles within PFCP and the operations permitted for each role.

Role Types

PFCP supports two primary role types: Organization Administrator and Regular User.

Organization Administrator

  • Has full administrative privileges over all operations within their organization.
  • Possesses equivalent admin permissions to the Kubernetes standard roles for the root namespace and all sub-namespaces of the Kubernetes cluster.

Regular User

  • Can utilize the Kubernetes cluster associated with their organization.
  • Has equivalent edit permissions to the Kubernetes standard roles for the root namespace of the Kubernetes cluster.
  • By default, has no permissions for sub-namespaces. Additional permissions must be granted through RoleBindings.
  • Cannot perform user management operations.

Operation Summary

Cluster Usage

OperationOrganization AdministratorRegular User
Kubernetes CLI setupoo
[Kubernetes resource operations]
  Root namespace:
  Equivalent to admin 1 in Kubernetes standard roles
o
  Root namespace:
  Equivalent to edit 2 in Kubernetes standard roles
oo
  Sub-namespace:
  Equivalent to admin 1 in Kubernetes standard roles
o
  Sub-namespace:
  Permissions granted individually via RoleBinding
N/Ao3
Creation/deletion of sub-namespaceso
Checking resource quotasoo

User Management

OperationOrganization AdministratorRegular User
Inviting/deleting userso
Changing user permissionso
Creating/deleting user groupso
Adding/removing users to/from user groupso
Creating/deleting integrations with external identity providerso

  1. Unlike standard Kubernetes admin roles, certain resource permissions have been modified to remove some privileges while adding permissions for custom resources used by PFCP. This role is defined through the org-admin ClusterRole. For detailed permission specifications, please refer to the documentation pages for each resource. ↩2

  2. Similar to org-admin, these permissions differ partially from standard Kubernetes edit roles. They are defined through the org-edit ClusterRole. For detailed permission specifications, please refer to the documentation pages for each resource.

  3. The granted permissions vary depending on the Role associated with RoleBindings. For detailed information on RoleBindings, please refer to Permission Configuration (RBAC).