This topic describes how to manage users and groups in VMware Tanzu Kubernetes Grid Integrated Edition Management Console (TKGI MC).
On vSphere, you can add individual users or user groups to Tanzu Kubernetes Grid Integrated Edition Management Console. You can assign roles to individual users or to groups. If you assign a role to a group, all of the users in that group have that role.
For information about the roles that you can assign, see UAA Scopes for Tanzu Kubernetes Grid Integrated Edition Users.
For information about the tasks that Cluster Managers can perform, see Tanzu Kubernetes Grid Integrated Edition Architecture. The TKGI Administrator role allows users to manage the Tanzu Kubernetes Grid Integrated Edition infrastructure.
The procedure to add individual users to Tanzu Kubernetes Grid Integrated Edition Management Console is as follows.
Note: This release of Tanzu Kubernetes Grid Integrated Edition Management Console does not support assigning roles to individual LDAP or SAML users. To assign roles to LDAP or SAML users, use user groups.
Select the Users tab.
Enter a user name and enter and verify a password to create a new user account.
The password that you set must meet the following criteria:
pks.clusters.manage
: Accounts with this scope can create and access their own clusters.pks.clusters.admin
: Accounts with this scope can create and access all clusters.pks.clusters.admin.read
: Accounts with this scope can access any information about all clusters except for cluster credentials.
The procedure to add user groups to Tanzu Kubernetes Grid Integrated Edition Management Console is as follows.
Select the Groups tab.
cn=admins,ou=engineering,dc=username,dc=local
.Assign a role to the group.
pks.clusters.manage
: Accounts with this scope can create and access their own clusters.pks.clusters.admin
: Accounts with this scope can create and access all clusters.pks.clusters.admin.read
: Accounts with this scope can access any information about all clusters except for cluster credentials.Note: You must assign a role to a group when you add it. You cannot assign, change, or revoke a group role after you have added the group.
The procedure to remove individual users from Tanzu Kubernetes Grid Integrated Edition Management Console is as follows.
The procedure to remove individual users from Tanzu Kubernetes Grid Integrated Edition Management Console is as follows.