English

Create Kubernetes Roles

Starting from ACP 4.2, custom permissions are delivered through native Kubernetes roles. Use the Kubernetes Roles page (located under Users > Platform Roles > Kubernetes Roles) to create or manage Role and ClusterRole objects in the currently selected cluster.

Prerequisites

You are assigned a platform role that grants access to the Kubernetes Roles feature.
You have selected the target cluster in the global cluster switcher.
The cluster already contains any namespaces that your role will scope to.

Create a Role or ClusterRole

In the left navigation bar, click Users > Platform Roles > Kubernetes Roles.
Click Create Role.
In the drawer:
- Enter the Name (must satisfy Kubernetes naming rules).
- Choose the Type (Role or ClusterRole).
- If you selected Role, pick the Namespace that scopes the permissions.
Configure rules by adding one or more entries with:
- API Groups
- Resources
- Resource Names (optional)
- Verbs (get, list, watch, create, update, patch, delete)
Click Create.

The role is created directly inside the cluster and becomes available for RoleBinding operations immediately.

Edit Role YAML (Optional)

Open the Kubernetes Roles tab and click the role name.
On the YAML tab, click Edit.
Update fields such as labels, annotations, or rules.
Click Save to apply the changes.

Create RoleBindings

To grant the newly created role to users or groups:

While viewing a role, switch to the RoleBindings tab.
Click Create RoleBindings.
Provide:
- Name
- Binding Type (RoleBinding or ClusterRoleBinding — only RoleBinding is available when the source is a namespace-scoped role)
- Namespace (for RoleBinding)
- Subjects (User, Group, or ServiceAccount with the corresponding name)
Click Create.

Alternatively, open the Users or User Groups page, switch to the Kubernetes Roles tab, and create bindings directly from the user perspective.

Verify

Use one of the following methods to confirm the role exists:

kubectl get role <role-name> -n <namespace>
kubectl get clusterrole <clusterrole-name>

Or refresh the Kubernetes Roles list and use the built-in search (by name or label) to locate the role.

View full docs as PDF

Create Kubernetes Roles

Prerequisites

You are assigned a platform role that grants access to the Kubernetes Roles feature.
You have selected the target cluster in the global cluster switcher.
The cluster already contains any namespaces that your role will scope to.

Create a Role or ClusterRole

In the left navigation bar, click Users > Platform Roles > Kubernetes Roles.
Click Create Role.
In the drawer:
- Enter the Name (must satisfy Kubernetes naming rules).
- Choose the Type (Role or ClusterRole).
- If you selected Role, pick the Namespace that scopes the permissions.
Configure rules by adding one or more entries with:
- API Groups
- Resources
- Resource Names (optional)
- Verbs (get, list, watch, create, update, patch, delete)
Click Create.

The role is created directly inside the cluster and becomes available for RoleBinding operations immediately.

Edit Role YAML (Optional)

Open the Kubernetes Roles tab and click the role name.
On the YAML tab, click Edit.
Update fields such as labels, annotations, or rules.
Click Save to apply the changes.

Create RoleBindings

To grant the newly created role to users or groups:

While viewing a role, switch to the RoleBindings tab.
Click Create RoleBindings.
Provide:
- Name
- Binding Type (RoleBinding or ClusterRoleBinding — only RoleBinding is available when the source is a namespace-scoped role)
- Namespace (for RoleBinding)
- Subjects (User, Group, or ServiceAccount with the corresponding name)
Click Create.

Alternatively, open the Users or User Groups page, switch to the Kubernetes Roles tab, and create bindings directly from the user perspective.

Verify

Use one of the following methods to confirm the role exists:

kubectl get role <role-name> -n <namespace>
kubectl get clusterrole <clusterrole-name>

Or refresh the Kubernetes Roles list and use the built-in search (by name or label) to locate the role.

ACP CLI (ac)

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Guides

How To

Kube OVN

alb

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Object Storage

Guides

How To

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

How To

ALB Operator

Compliance

HowTo

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Namespaces

Creating Applications

Operation and Maintaining Applications

Application Rollout

KEDA(Kubernetes Event-driven Autoscaling)

How To

Workloads

Configurations

Application Observability

How To

How To

Install

How To

Overview

Install

Upgrade