Kubernetes roles and bindings

Role-Based Access Control is only available in Portainer Business Edition.

When managing a Kubernetes environment with Portainer, the Role-Based Access Control (RBAC) configuration is based on two components:

Kubernetes' cluster roles and namespace roles (which restrict access to Kubernetes itself)
Portainer's authorization flags (which restrict access to Portainer's functionality)

The following tables provide a reference for how our Portainer roles map to capabilities within Kubernetes.

Role Allocations

Portainer Role

Cluster Role Binding

Namespace Role Binding

Cluster Roles

portainer-basic

API Group

Resources

Verbs

portainer-helpdesk

API Group

Resources

Verbs

portainer-operator

API Group

Resources

Verbs

Namespace Roles

portainer-edit

API Group

Resources

Verbs

portainer-view

API Group

Resources

Verbs

Portainer Access Restrictions

Function

Endpoint admin

Operator

Helpdesk

Standard User

Read-only User

Community Edition

The following tables cover the two roles available in Portainer Community Edition (CE). Note there is no Portainer access restriction in Portainer CE.

Portainer Role

Cluster Role Binding

Namespace Role Binding

portainer-cr-user

API Group

Resources

Verbs

PreviousDocker roles and permissions NextDeprecated and removed features

Last updated 8 months ago