Role-Based Access Control (RBAC) manages access by assigning permissions to users based on the roles allocated to them in Bare Metal Orchestrator. Each role has clearly defined permissions and determines the user's level of access.
Users
Users can have specific access and privileges allocated to them in Bare Metal Orchestrator depending on their assigned roles.
Roles
The following table describes the available roles in Bare Metal Orchestrator and the assigned permissions for each role.
| Role | Permissions |
| --- | --- |
| Global Admin | Read and write privileges on all Bare Metal Orchestrator resources across all tenants, clusters, pods, servers, sites, hardware profiles, and so on. Can create, edit, and delete users. Can assign and edit user roles. Cannot create, edit, or delete clusters. |
| Support Admin | Can perform backup and restore operations. Can put Bare Metal Orchestrator in Maintenance mode. |
| Operator | Read and write privileges on all Bare Metal Orchestrator resources this user can access across the cluster. |
| Global Reader | Read-only access on all Bare Metal Orchestrator resources across all tenants, clusters, pods, servers, sites, hardware profiles, and so on. |

Note: If a user is assigned multiple roles, the role with the highest privileges is applied.
Examples
This YAML file generates the kubeconfig file for the Global Reader role:
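```yaml
username: john
# Example value only; set a strong, unique password for a real account
password: password123
displayName: John
active: true
groups:
  # Group value that maps the user to the Global Reader role
  - value: global-reader
emails:
  - value: john@dell.com
```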
This YAML file generates the kubeconfig file for the Global Admin role:
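```yaml
username: kyle
# Example value only; set a strong, unique password for a real account
password: password123
displayName: Kyle
active: true
groups:
  # Group value that maps the user to the Global Admin role
  - value: global-admin
emails:
  - value: kyle@dell.com
```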
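
A pre-provisioning check for user definition files in the shape shown above, as an added example that is not part of the Bare Metal Orchestrator documentation or tooling. It assumes multiple roles are expressed as several `groups` entries and ranks only the two group values shown on this page; the sample user, the weak-password denylist, and the minimum length are constructed for illustration.

```python
import re

# Assumption: only the two group values shown on this page are ranked,
# read/write (global-admin) above read-only (global-reader).
RANK = {"global-reader": 1, "global-admin": 2}
WEAK = {"password", "password123", "changeme", "admin"}  # hypothetical denylist
MIN_LEN = 12  # hypothetical local policy, not a product setting

# Constructed sample: one user placed in both groups.
SAMPLE = """\
username: dana
password: password123
displayName: Dana
active: true
groups:
- value: global-reader
- value: global-admin
emails:
- value: dana@example.com
"""

def parse_user(text):
    """Parse the flat user-definition shape used on this page (not general YAML)."""
    user, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        item = re.fullmatch(r"-\s*value:\s*(\S+)", line)
        if item and current:
            user[current].append(item.group(1))
            continue
        key, _, value = line.partition(":")
        current = None if value.strip() else key.strip()
        user[key.strip()] = value.strip() or []
    return user

def audit(text):
    user = parse_user(text)
    groups = user.get("groups", [])
    known = [g for g in groups if g in RANK]
    findings = [f"unrecognized group: {g}" for g in groups if g not in RANK]
    effective = max(known, key=RANK.get) if known else None
    if len(known) > 1:
        findings.append(f"multiple roles; highest privilege applies: {effective}")
    password = user.get("password") or ""
    if password.lower() in WEAK or len(password) < MIN_LEN:
        findings.append("weak or placeholder password")
    return effective, findings
```

Calling `audit(SAMPLE)` returns the effective group and a list of findings, so a file that quietly grants `global-admin` alongside a read-only role can be caught before the user is created.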