Provide user access to clusters, cluster groups, and Spaces

You can define who has access to a cluster, cluster groups, and Spaces in your organization by using role-based access control (RBAC) on Tanzu Platform for Kubernetes. Tanzu uses secure-by-default RBAC to manage user permissions at each level of the hierarchical structure for your organization.

Each object is protected by an access policy that defines who has access to that resource. The policies are inherited down through the organizational hierarchy.

Provide access to a Space

You can set up user access to a Space in your Project by using the Tanzu CLI.

  1. Set your context to the Tanzu Project by running:

    tanzu project use <project-name>

  2. (Optional) List the Spaces in the Project by running:

    tanzu space list

  3. Select the Space to which you want to add the user by running:

    tanzu space use <space-name>

  4. Add the user to the Space by running:

    tanzu rbac rolebinding create <name> --user <email-address> --role <role-name>

    Where <role-name> is the role, such as space.admin.

Provide access to a cluster or cluster group

You can set up user access to a cluster or cluster group in your Project by using Tanzu Platform hub or the Tanzu CLI.

Tanzu Platform hub
Do the following in Tanzu Platform hub:
  1. On the left navigation pane, go to Policies > Cluster Access. You can see all the cluster groups in your Project. Click a cluster group to see the clusters in the cluster group.
  2. Click the cluster or cluster group to which you would like to provide a user access.
  3. Click Create Role Binding at the top right.
  4. Enter a name for the role binding.
  5. Select a role with the permissions that you want to give the user.
  6. Enter the email address for the user.
  7. Click Add.
Tanzu CLI
Run the following Tanzu CLI command: 
tanzu operations iam add-binding -s clustergroup -n <cluster-group-name> -r clustergroup.admin -u \
<email-address>
check-circle-line exclamation-circle-line close-line
Scroll to top icon