Use Tanzu Mission Control to edit the custom roles created for your organization.

As an administrator, you can create custom roles to meet the needs of your organization. After a role has been created, you cannot modify the name or visibility of the role, but you can edit the permissions and rules that it contains.


Make sure you have the appropriate permissions.
  • To edit or create a custom role, you must be associated with the orginization.admin role for the organization.

Log in to the Tanzu Mission Control console, and then go to the Administration page.


  1. On the Administration page in the Tanzu Mission Control console, click the Roles tab.
  2. Click on the custom role you want to modify.
    You cannot modify the Tanzu built-in roles.
  3. On the custom role detail page, click Actions (on the top right of the page), and then choose Edit from the dropdown.
  4. You can optionally edit the description.
  5. Edit the permissions you want to include by selecting or deselecting the appropriate checkboxes.
    To view permissions that are not already included, click the Hide unselected permissions toggle.
  6. Edit the Kubernetes RBAC rules as necessary.
    • To remove a rule, click its delete icon.
    • To add a new rule, enter the parameters and then click Add Rule.
    • To change an existing rule, click to adjust the parameters.
  7. You can optionally click Deprecate to toggle the prevention of new role bindings from using the custom role.
    This action is helpful when you are preparing to remove a role from your organization.
  8. Click Save.