Updated on 2024-09-18 GMT+08:00

Authentication and Access

UCS provides refined permission management based on the role access control (RBAC) capability of IAM and Kubernetes. Permission control can be implemented by UCS service resource and Kubernetes resource in a cluster. The two permission types apply to different resource types and are granted using different methods.

  • UCS resource permissions are granted based on the system policies of IAM. UCS resources include fleets, clusters, and federation instances. Administrators can grant different permissions to different user roles (such as development and O&M) to control their use of UCS resources.
  • Kubernetes resource permissions in a cluster are granted based on the Kubernetes RBAC capability. Refined permissions can be granted to Kubernetes resource objects in a cluster. With permission settings, the permissions for performing operations on different Kubernetes resource objects (such as workloads, jobs, and services) will vary with users.

For more information about permission management, see Permissions.