Skip to main content
Astra Control Center
A newer release of this product is available.

Manage roles

Contributors netapp-dbagwell netapp-rlithman

You can manage roles by adding namespace constraints and restricting user roles to those constraints. This enables you to control access to resources within your organization. You can use the Astra Control UI or the Astra Control API to manage roles.

Add a namespace constraint to a role

An Admin or Owner user can add namespace constraints.

Steps
  1. In the Manage Your Account navigation area, select Account.

  2. Select the Users tab.

  3. In the Actions column, select the menu button for a user with the Member or Viewer role.

  4. Select Edit role.

  5. Enable the Restrict role to constraints check box.

    The check box is only available for Member or Viewer roles. You can select a different role from the Role drop-down list.

  6. Select Add constraint.

    You can view the list of available constraints by namespace or by namespace label.

  7. In the Constraint type drop-down list, select either Kubernetes namespace or Kubernetes namespace label depending on how your namespaces are configured.

  8. Select one or more namespaces or labels from the list to compose a constraint that restricts roles to those namespaces.

  9. Select Confirm.

    The Edit role page displays the list of constraints you've chosen for this role.

  10. Select Confirm.

    On the Account page, you can view the constraints for any Member or Viewer role in the Role column.

Note If you enable constraints for a role and select Confirm without adding any constraints, the role is considered to have full restrictions (the role is denied access to any resources that are assigned to namespaces).

Remove a namespace constraint from a role

An Admin or Owner user can remove a namespace constraint from a role.

Steps
  1. In the Manage Your Account navigation area, select Account.

  2. Select the Users tab.

  3. In the Actions column, select the menu button for a user with the Member or Viewer role that has active constraints.

  4. Select Edit role.

    The Edit role dialog displays the active constraints for the role.

  5. Select the X to the right of the constraint you need to remove.

  6. Select Confirm.

For more information