Custom Roles
There are three default roles packaged within each project. You can create your own custom roles for other use cases that require only specific levels of access to Deviceplane. These custom roles can be used to determine the level of access to resources for either members or service accounts.
For each resource type, you can provide access with the default actions (i.e. `admin`, `write`, or `read`). Those actions are an umbrella for the individual actions on the resource.
Example custom roles
The following are examples of role configurations.
Access to only deploy releases
```yaml
rules:
  - resources:
      - 'release'
    actions:
      - CreateRelease
```
Access to view and deploy applications
```yaml
rules:
  - resources:
      - 'application'
    actions:
      # one list entry per action
      - read
      - write
```
Resource and action reference
Besides using the default roles, you may want to create your own custom roles. Using the reference table, select which resources to provide access to and the action level. For the action, you can use either a parent action (`read`, `write`, `admin`) or an individual action.
Resource | Parent Action | Individual Action |
---|---|---|
project | read | GetProject |
project | admin | UpdateProject DeleteProject |
registrationtoken | write | CreateDeviceRegistrationToken |
device | read | GetDevice ListDevices |
device | write | UpdateDevice DeleteDevice SSH |
devicelabel | read | GetDeviceLabel ListDeviceLabels |
devicelabel | write | SetDeviceLabel DeleteDeviceLabel |
application | read | GetApplication ListApplications |
application | write | CreateApplication UpdateApplication DeleteApplication |
release | read | GetRelease ListReleases |
release | write | CreateRelease |
role | read | GetRole ListRoles |
role | admin | CreateRole UpdateRole DeleteRole |
membership | read | GetMembership ListMembershipsByProject |
membership | admin | CreateMembership DeleteMembership |
membershiprolebindings | read | GetMembershipRoleBindings ListMembershipRoleBindings |
membershiprolebindings | admin | CreateMembershipRoleBinding DeleteMembershipRoleBinding |
serviceaccount | read | GetServiceAccount ListServiceAccounts |
serviceaccount | admin | CreateServiceAccount UpdateServiceAccount DeleteServiceAccount |
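
When reviewing a custom role for least privilege, it helps to expand each parent action into the individual actions from the table; for example, `write` on `device` includes `SSH`. The following is an added example, not Deviceplane's own code: it assumes the role has already been parsed from YAML into dicts, that a parent action expands only to the row listed for it in the table, and the `REVIEW` set and sample roles are constructed for illustration.

```python
# (resource, parent action) -> individual actions, copied from the reference table.
REFERENCE = {
    ("project", "read"): {"GetProject"},
    ("project", "admin"): {"UpdateProject", "DeleteProject"},
    ("registrationtoken", "write"): {"CreateDeviceRegistrationToken"},
    ("device", "read"): {"GetDevice", "ListDevices"},
    ("device", "write"): {"UpdateDevice", "DeleteDevice", "SSH"},
    ("devicelabel", "read"): {"GetDeviceLabel", "ListDeviceLabels"},
    ("devicelabel", "write"): {"SetDeviceLabel", "DeleteDeviceLabel"},
    ("application", "read"): {"GetApplication", "ListApplications"},
    ("application", "write"): {"CreateApplication", "UpdateApplication", "DeleteApplication"},
    ("release", "read"): {"GetRelease", "ListReleases"},
    ("release", "write"): {"CreateRelease"},
    ("role", "read"): {"GetRole", "ListRoles"},
    ("role", "admin"): {"CreateRole", "UpdateRole", "DeleteRole"},
    ("membership", "read"): {"GetMembership", "ListMembershipsByProject"},
    ("membership", "admin"): {"CreateMembership", "DeleteMembership"},
    ("membershiprolebindings", "read"): {"GetMembershipRoleBindings", "ListMembershipRoleBindings"},
    ("membershiprolebindings", "admin"): {"CreateMembershipRoleBinding", "DeleteMembershipRoleBinding"},
    ("serviceaccount", "read"): {"GetServiceAccount", "ListServiceAccounts"},
    ("serviceaccount", "admin"): {"CreateServiceAccount", "UpdateServiceAccount", "DeleteServiceAccount"},
}
# Constructed review list (an assumption, not from the page): grants worth a second look.
REVIEW = {"SSH", "DeleteDevice", "CreateRole", "UpdateRole", "CreateMembershipRoleBinding"}

def expand(role):
    """Return (granted, unresolved) for a role already parsed from YAML into dicts."""
    granted, unresolved = {}, []
    for rule in role["rules"]:
        for resource in rule["resources"]:
            known = set().union(*(acts for (res, _), acts in REFERENCE.items() if res == resource))
            for action in rule["actions"]:
                if (resource, action) in REFERENCE:  # parent action listed for this resource
                    granted.setdefault(resource, set()).update(REFERENCE[(resource, action)])
                elif action in known:  # individual action of this resource
                    granted.setdefault(resource, set()).add(action)
                else:  # the table does not define it: check by hand
                    unresolved.append((resource, action))
    return granted, unresolved

def review(role):
    """List the (resource, action) grants that appear in REVIEW, sorted."""
    granted, _ = expand(role)
    return sorted((res, act) for res, acts in granted.items() for act in acts if act in REVIEW)

# Constructed sample roles: the page's first example and a broader device role.
DEPLOY_ONLY = {"rules": [{"resources": ["release"], "actions": ["CreateRelease"]}]}
DEVICE_OPERATOR = {"rules": [{"resources": ["device"], "actions": ["read", "write", "admin"]}]}
if __name__ == "__main__":
    print(expand(DEVICE_OPERATOR), review(DEVICE_OPERATOR))
```

Entries returned in `unresolved` (here `admin` on `device`, which has no row in the table) are not expanded and need to be checked by hand.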