Project Membership
Members are users or teams that are granted access to a project. Each member is assigned a role that define their permissions. These roles will be granted to each of the allowed clusters of the project. Only users and teams that are members of the project have access to the project's allowed clusters.
If you don't have a project, you can create one by following instructions here.
Project Roles​
There are 3 default roles available for every project.
| Name | Create New Spaces / Virtual Clusters | Access Spaces / Virtual Clusters | Create Without Template | Create With Template | Access to Project Secrets |
|---|---|---|---|---|---|
| Project admin | Yes | All Spaces and Virtual Clusters | Yes | Yes | Yes |
| Project User | Yes | Only owned and with explicit permission | No | Yes | Yes |
| Project Viewer | No | Only with explicit permission | No | No | Only in Spaces and Virtual Clusters with permission |
Global admins can change these existing roles as well as add new project roles in the Users section of the platform.
Click the Users at the botton of the left sidebar.
In the Users page, click the Global Roles at the top. Then click the Create Role.
Fill the display name of the role and other information if necessary.
warningThe created role will be a global role by default. To create the role as a project role, add the
loft.sh/project-role: 'true'in the labels of the role CRD configuration on the right side of the page.Add the project role configurationapiVersion: management.loft.sh/v1
kind: ClusterRoleTemplate
metadata:
name: ''
labels:
loft.sh/project-role: 'true'
spec:
management: trueClick the Create Role button at the right bottom of the page.
If you created a project role, you can click the Project Settings, and then find the display name of the created project role in the dropdown menu of the role for each member under the Members and Roles section.
Users​
Any user can be made members of a project. Follow the instructions below to add and assign roles to users, or remove them from the project.
Add users​
Select the project you'd like to configure using the drop down menu. Click on Settings.
Click on Members.
Click on the Users tab.
Click the Users input and select the user to add. The table below will update to add the selected user. If you wish to change this manually, you may edit the YAML directly.
Select the role to assign the user.
Once all project options have been specified, click the .
Instead of adding every user, a special selection named All Users can be used to give all platform users access to the project. Use this option with caution.
Remove users​
Select the project you'd like to configure using the drop down menu. Click on Settings.
Click on Members.
Click on the Users tab.
Click the trash can icon next to the user that you'd like to remove. If you wish to change this manually, you may edit the YAML directly.
Once all project options have been specified, click the .
Teams​
Instead of having to assign individual users, teams can be used to assign multiple users to a proejct.
Add teams​
Select the project you'd like to configure using the drop down menu. Click on Settings.
Click on Members.
Click on the Teams tab.
Click the Teams input and select the team to add. The table below will update to include the selected team. If you wish to change this manually, you may edit the YAML directly.
Select the role to assign the team.
Once all project options have been specified, click the .
Remove teams​
Select the project you'd like to configure using the drop down menu. Click on Settings.
Click on Members.
Click on the Teams tab
Click the trash can icon next to the team that you'd like to remove. If you wish to change this manually, you may edit the YAML directly.
Once all project options have been specified, click the .