Roles in SPIRL
SPIRL uses roles to manage permissions. The following access roles are installed by default:
- Auditor
- Operator
- Administrator
- Owner
Roles are hierarchial. In general, each subsequent role has the permissions of the previous role plus some additional permissions. For example, Operator has Auditor permissions and the ability to create and modify clusters.
The following table illustrates permissions allowed by each role:
| Auditor | Operator | Manager | Administrator | Owner | |
|---|---|---|---|---|---|
| Invite user |
| ||||
| Change user role |
| ||||
| Delete user |
| ||||
| Create trust domain |
|
| |||
| Delete trust domain |
|
| |||
| List trust domains |
|
|
|
|
|
| Add cluster |
|
|
|
| |
| Disable cluster |
|
|
|
| |
| Delete cluster |
|
|
|
| |
| List clusters |
|
|
|
|
|
| Create trust domain deployment |
|
|
| ||
| Delete trust domain deployment |
|
|
| ||
| List trust domain deployments |
|
|
|
|
|
| Create service account |
|
| |||
| List service accounts |
|
|
|
|
|
| Delete service account: 1 |
|
| |||
| Create CI/CD profile |
|
|
|
| |
| Delete CI/CD profile |
|
|
|
| |
| List CI/CD profiles |
|
|
|
|
|
Footnotes
-
Service accounts can be deleted by their owner, or by an administrator. ↩