Use the Tanzu Mission Control console to see the identities (users, groups, and service accounts) in your organization and click to see mapped roles, resources, and other details.
When you create a role binding in an access policy for an resource,
Tanzu Mission Control creates a mapping of the identity (user, group, or service account), the role, and the resource. This mapping defines an access policy. The User permissions page in the
Tanzu Mission Control console shows these access policy details from the perspective of the identity, so you can see the roles with which they are associated and the resources (such as clusters, workspaces, and organization) to which they have access.
Prerequisites
Make sure you have the appropriate permissions to view identities and roles.
- To view the identities and roles in your organization, you must be associated with the organization.admin role.
Procedure
- Click Access management in the left navigation pane of the Tanzu Mission Control console, and then click User permissions.
The table on the User permissions page lists the identities in your organization. You can filter the table to more quickly find the identity you're looking for.
- To view more details for a given identity, click on a link in the row for the identity.
- Click an identity name to see the resources that the identity has access to and the roles they are associated with for that resource. From here, you can drill down further to see the details for each role. You can also access the role binding editor for a resource from the context menu.
- Click the resource type or the role to see the role bindings that the identity has for each resource.
