Tanzu Application Platform v1.1 includes:
Three roles are for users:
Two roles are for service accounts associated with the Tanzu Supply Chain:
The default roles provide an opinionated starting point for the most common permissions that users need when using Tanzu Application Platform. However, as described in the Kubernetes documentation about RBAC, you can create customized roles and permissions that better meet your needs. Aggregated cluster roles are used to build VMware Tanzu Application Platform default roles.
Cluster admins must be careful when creating Roles or ClusterRoles. When changing roles or adding new roles that carry one of the labels used by the default roles, the roles are automatically updated to the aggregation state. It can lead to unintentional changes in functions and permissions to all users.
The default roles are installed with every Tanzu Application Platform profile except for
view. For an overview of the different roles and their permissions, see Role Descriptions.
For more information about working with roles, see Bind a user or group to a default role.
Tanzu Application Platform GUI does not make use of the described roles. Instead, it provides the user with view access for each cluster.