Role based access control (RBAC)
Access Management helps you manage who has access to the specific topology elements, metric data, traces, UI elements, and which APIs they can call.
RBAC is an authorization system that provides fine-grained access management of SUSE Observability resources, a clean and easy way to audit user privileges and to fix identified issues with access rights.
What can you do with RBAC?
Here are examples of what you can do with RBAC:
-
Allow one user to have access to the development cluster only, another one to both the production and development cluster and a third can access the development cluster and only 1 namespace in the production cluster.
-
Give a small group of users an administrator role to setup and configure SUSE Observability. While giving all developers a troubleshooter role to view all topology, metrics, traces, logs and events, but with limited configuration capability.
What’s a role in SUSE Observability?
A role in SUSE Observability is a combination of a configured subject and a set of permissions. Process of setting up a role in SUSE Observability is described in How to set up roles.
Sources of RBAC roles
You can define roles in several ways. All use the same Permissions.
-
Configuration - in the helm values for SUSE Observability
-
Dynamic - use the
stsCLI -
Mapped from Kubernetes - map Kubernetes
RolesandRoleBindings