The Global Project Scope holds a group of resources, in a logical grouping, to a specific project. Users and Teams with
specific Roles can be associated with the Project, Cluster, or Cluster Profile you create.
Palette has adopted the security principle of least privilege. Each user is assigned Roles and Permissions to the
Scopes, Resources, and Components. The Permissions format is resourceKey.operation
, where resourceKey refers to a
resource or the API functionality, and operation refers to the action or activity allowed.
To view a list of the predefined roles and permissions, go to Tenant Settings > Roles, and you will find the
list of Global Roles. If you need to extend your permissions, use the Create Role option.
Below is the predefined list of Roles and Permissions for the Global Project Scope:
Role Name | Description |
---|
App Deployment Admin | Provides administrative privilege to perform all the App operations on App resources. |
App Deployment Editor | Allows the user to perform edit operations on an App but not to create or delete an App. |
App Deployment Viewer | Allows the user to view all the App resources but not to make modifications. |
- App Deployment Admin
- App Deployment Editor
- App Deployment Viewer
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appDeployment | √ | √ | √ | √ | √ | | | | |
appProfile | | | √ | √ | | | | | |
cloudaccount | | | √ | √ | | | | | |
clusterGroup | | | √ | √ | | | | | |
location | √ | √ | √ | √ | √ | | | | |
machine | | | √ | √ | | | | | |
macro | √ | √ | √ | √ | √ | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
sshKey | √ | √ | √ | √ | √ | | | | |
tag | | | | | √ | | | | |
virtualCloudconfig | √ | √ | √ | √ | √ | | | | |
virtualCluster | √ | √ | √ | √ | √ | | | | |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appDeployment | | | √ | √ | √ | | | | |
appProfile | | | √ | √ | | | | | |
cloudaccount | | | √ | √ | | | | | |
clusterGroup | | | √ | √ | | | | | |
location | | | √ | √ | √ | | | | |
machine | | | √ | √ | | | | | |
macro | | | √ | √ | | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
sshKey | | | √ | √ | √ | | | | |
tag | | | | | √ | | | | |
virtualCloudconfig | | | √ | √ | √ | | | | |
virtualCluster | | | √ | √ | √ | | | | |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appDeployment | | | √ | √ | | | | | |
appProfile | | | √ | √ | | | | | |
cloudaccount | | | √ | √ | | | | | |
clusterGroup | | | √ | √ | | | | | |
location | | | √ | √ | | | | | |
machine | | | √ | √ | | | | | |
macro | | | √ | √ | | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
sshKey | | | √ | √ | | | | | |
virtualCloudconfig | | | √ | √ | | | | | |
virtualCluster | | | √ | √ | | | | | |
Role Names | Description |
---|
App Profile Admin | Provides administrative privilege to perform all the App operations on App profile resources. |
App Profile Editor | Allows the user to perform edit operations on App profiles but not to create or delete an App profile. |
App Profile Viewer | Allows the user to view all the App profile resources but not to modify them. |
- App Profile Admin
- App Profile Editor
- App Profile Viewer
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appProfile | √ | √ | √ | √ | √ | | | | |
macro | √ | √ | √ | √ | √ | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appProfile | | | √ | √ | √ | | | | |
macro | | | √ | √ | √ | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
appProfile | | | √ | √ | | | | | |
macro | | | √ | √ | | | | | |
packRegistry | | | √ | √ | | | | | |
project | | | √ | √ | | | | | |
Role Names | Description |
---|
Project Admin | The Project Admin role is a closure of all the project operations. It is a administrative privilege for the project resources |
Project Editor | The Project Editor role can perform edit operations within a project, but the user is not able to create or delete a project |
Project Viewer | The Project Viewer will be able to view all the resources within a project, but not privileged to make modifications |
- Project Admin
- Project Editor
- Project Viewer
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
audit | | | √ | √ | | | | | |
cloudaccount | √ | √ | √ | √ | √ | | | | |
cloudconfig | √ | √ | √ | √ | √ | | | | |
cluster | √ | √ | √ | √ | √ | √ | | | |
clusterProfile | √ | √ | √ | √ | √ | | √ | | |
clusterRbac | √ | √ | √ | √ | √ | | | | |
dnsMapping | √ | √ | √ | √ | √ | | | | |
edgehost | √ | √ | √ | √ | √ | | | | |
location | √ | √ | √ | √ | √ | | | | |
machine | √ | √ | √ | √ | √ | | | | |
macro | √ | √ | √ | √ | √ | | | | |
packRegistry | | | √ | √ | | | | | |
privateGateway | √ | √ | √ | √ | √ | | | | |
project | | | √ | √ | √ | | | | |
sshKey | √ | √ | √ | √ | √ | | | | |
tag | | | | | √ | | | | |
workspace | √ | √ | √ | √ | √ | | | √ | √ |
| Create | Delete | Get | List | Update | Import | Publish | Backup | Restore |
---|
audit | | | √ | √ | | | | | |
cloudaccount | | | √ | √ | √ | | | | |
cloudconfig | √ | | √ | √ | √ | | | | |
cluster | | | √ | √ | √ | | | | |
clusterProfile | | | √ | √ | √ | | √ | | |
clusterRbac | | | √ | √ | √ | | | | |
dnsMapping | | | √ | √ | √ | | | | |
edgehost | | | √ | |