1. Release Notes
    1. Release Notes - 2.0.2Latest
    1. Release Notes - 2.0.1
    1. Release Notes - 2.0.0
  1. Introduction
    1. Introduction
    1. Features
    1. Architecture
    1. Advantages
    1. Glossary
  1. Installation
    1. Intruction
      1. Intro
      2. Port Requirements
    1. Install on Linux
      1. All-in-One Installation
      2. Multi-Node Installation
      3. Installing HA Master and Etcd Cluster
      4. Storage Configuration Instruction
    1. Install on Kubernetes
      1. Prerequisites
      2. Online Installation
      3. Offline Installation
    1. Related Tools
      1. Integrating Harbor Registry
    1. Cluster Operation
      1. Adding New Nodes
      2. High Risk Operation
      3. Uninstalling KubeSphere
  1. Quick Start
    1. Getting Started with Multitenancy
    1. Exposing your APP using Ingress
    1. Deploying a MySQL Application
    1. Deploying a Wordpress Website
    1. Job to compute π to 2000 places
    1. Deploying Grafana using APP Template
    1. Creating Horizontal Pod Autoscaler
    1. S2i: Publish your app without Dockerfile
    1. Canary Release of Microservice APP
    1. CI/CD based on Spring Boot Project
    1. Building a Pipeline in a Graphical Panel
    1. CI/CD based on GitLab and Harbor
    1. Ingress-Nginx for Grayscale Release
  1. Cluster Admin Guide
    1. Multi-tenant Management
      1. Overview of Multi-tenant Management
      2. Overview of Role Management
    1. Platform Management
      1. Account Management
      2. Platform Roles Management
    1. Infrastructure
      1. Service Components
      2. Nodes
      3. Storage Classes
    1. Monitoring Center
      1. Physical Resources
      2. Application Resources
    1. Application Repository
    1. Jenkins System Settings
  1. User Guide
    1. Application Template
    1. Workloads
      1. Deployments
      2. StatefulSets
      3. DaemonSets
      4. Jobs
      5. CronJobs
    1. Storage
      1. Volumes
    1. Network & Services
      1. Services
      2. Routes
    1. Configuration Center
      1. Secret
      2. ConfigMap
      3. Image Registry
    1. Project Settings
      1. Basic Information
      2. Member Roles
      3. Project Members
      4. Internet Access
    1. DevOps Project
      1. DevOps Project Management
      2. DevOps Project Management
      3. DevOps Project Management
      4. DevOps Project Management
      5. DevOps Project Management
  1. Development Guide
    1. Preparing the Development Environment
    1. Development Workflow
  1. API Documentation
    1. API Guide
    1. How to invoke KubeSphere API
KubeSphere®️ 2020 All Rights Reserved.

Platform Roles Management

As mentioned in Account-Management, role management is also a very important part of user management. Role management is used to manage the role information and authorities of platform users. Role is an identity generalization of the certain group of people with common characteristics. In the role management module, we need to describe the role information and set permission rules, so that admin can easily identify the characteristics of roles, and give corresponding role identities to different users to manage resources in a more fine-grained way. The platform has preset three common roles, i.e. cluster-admin, wordspace-manager and cluster-regular, as well as supports admin to add custom roles. This document describes the permissions of built-in roles and how to customize new roles.


You need an account for the cluster-admin role, then sign in KubeSphere.

Create roles

Before creating a new role, understand what permissions the built-in cluster role has.

Built-in cluster role:

Built-in Roles Description
cluster-admin cluster-admin can manage all the resources in the cluster.
workspaces-manager Manage all the workspaces in the cluster and the projects and engineering resources below.
cluster-regular Regular users, they do not have any resource operation rights before they are invited to join the workspace.

The cluster-admin can view all the roles in the platform. If the above built-in roles do not meet the actual needs, the cluster-admin can customize the platform roles and permission rules.

Click Platform, then select Platform Roles and click Create.

create platform role

Authority Settings

  1. Fill in the basic information.

  2. Name: a concise name for the application repository can help users to browse and search.

  3. Description: introduce the role in detail. When users want to know more about this role, this part will become particularly important.

  4. Authority settings, which support fine-grained control of all resource operations (such as workspace, monitoring, account, role, storage class, etc.) in the platform. If a certain operation has been checked, it means that the user will have corresponding permissions.

Note: Delete operation is not reversible for resources in the platform, so choose carefully.

permission Settings

Edit or delete roles

To modify the basic information or permission rules of the role, click "..." button on the right side of the role list to edit or delete the role.