Manage RBAC via Console

Before You Start #

• You must have an active Enterprise key
• You must have TLS enabled on your cluster
• You must have an Authentication Provider (IdP) set up
  • Auth0
  • Okta
• Review the Roles & Permissions.
• Review the User Types
• Confirm you have the right role(s) to grant a user access to a given resource (e.g., you have the projectOwner role on a given project you wish to add other users to)
• Cluster-level admin roles are not currently implementable via Console

How to Assign Roles to a User #

On a Project #

Roles granted at the Project level are inherited by all repositories within that project. If you grant a user repoReader on a project, they will have repoReader on all repositories within that project and that role will not be removable on the repo level.

1. Log in to the Pachyderm Console.
2. Scroll to a project you wish to add a user to.
3. Select the ellipsis icon

   

   > Edit Project Roles

   

4. Select a User Type from the dropdown:
   • user: an individual by name or email address; requires that user’s email address be registered or available to your IdP (e.g., either explicitly listed or allowed via your email domain)
   • group: a group of users; requires that your IdP supports groups tied to an email address
   • robot: a service account
   • allClusterUsers: all users on the cluster
5. If not allClusterUsers, provide a name or email address.
6. Select a Role from the dropdown.
   • projectViewer: Can view the project and see a list of its repositories.
   • projectWriter: projectViewer permissions + can also create repositories.
   • projectOwner: projectWriter permissions + can also delete repositories and modify role bindings.
   • repoReader: Can read every repository in the project.
   • repoWriter repoReader permissions + can also push to every repository in the project.
   • repoOwner repoWriter permissions + can also delete repositories and modify role bindings.
7. Select Add.
8. Select Done.

💡

You can add more roles to a user by selecting the plus icon

and remove them by selecting the X icon

.

On a Repository #

Roles granted at the Repository level are not inherited by other repositories within that project. This is useful if you want to grant a user repoReader on a single repository within a project, but not on all repositories within that project.

1. Log in to the Pachyderm Console.
2. Select a View Project on the project containing the repository you wish to add a user to.
3. Select the repo (either from the DAG view or the List view).
4. Select Set Roles.

   

5. Select a User Type from the dropdown.
6. If not allClusterUsers, provide a name or email address.
7. Select a Role from the dropdown.
8. Select Add.
9. Select Done.