Role-based access
This document provides a comprehensive overview of role-based access controls (RBAC) across our infrastructure. It delineates the permissions assigned to the Development, QA, and AQA teams concerning Rancher clusters, Kubernetes namespaces, and Jenkins folders. The goal is to ensure clarity, maintain security, and facilitate efficient collaboration among teams.
Rancher
The following table outlines the level of access each team has to the specified Rancher clusters and namespaces.
Cluster Name | Namespace Name | Development Team | QA Team | AQA Team |
---|---|---|---|---|
folio-(e)testing | All | Read-only | Read-only | Read-only |
folio-(e)dev | Self NS | Owner | | |
folio-(e)dev | Another's NS | Read-only* | Read-only* | Read-only* |
folio-(e)perf | Self NS | Owner | | |
folio-(e)perf | Another's NS | Read-only* | Read-only* | Read-only* |
* Access is granted by the Development team as needed.
Jenkins
The following table details the permissions each team has for various folders within the Jenkins server.
Folder name | Development Team | QA Team | AQA Team |
---|---|---|---|
| Read, Build, Cancel | Read, Build, Cancel | Read, Build, Cancel |
| Read, Build, Cancel | Read, Build, Cancel | Read, Build, Cancel |
| Read, Build, Cancel | Read, Build, Cancel | Read, Build, Cancel |
| Read | Read | Read |
| Read | Read | Read |
| Read | Read | Read |
| Read | Read | Read |
Notes:
“Build, Cancel” access allows the team to trigger and cancel jobs within the folder.
“Read-only” access permits viewing job logs, reports and statuses without modification rights.