English

Manage Roles After the RBAC Refactor

This guide explains how to work with roles in ACP 4.2 and later:

View platform-provided roles (read-only) and download their YAML
Update or delete native Kubernetes roles
Manage RoleBinding/ClusterRoleBinding objects from the Roles UI or from user/user-group pages

View Platform Roles (Read-Only)

Platform roles remain the canonical templates for core functionality.

In the left navigation bar, click Users > Platform Roles.
Use the list filters to locate a role. The Role Type column now shows Platform, Project, Namespace, or Cluster.
Click the role name to open the detail page.
Switch to the YAML tab to inspect the exact definition. Use Download YAML if you need to archive the spec.

NOTE

Create/Copy/Update/Delete actions are intentionally disabled. To request changes, submit a role-template update to the owning product team.

Update a Kubernetes Role

Navigate to Users > Platform Roles > Kubernetes Roles.
Search by name or label.
Click the role name, then open the YAML tab.
Click Edit, modify the manifest (labels, annotations, or rules), and click Save.
Review the RoleBindings tab to ensure existing bindings still meet your expectations.

Delete a Kubernetes Role

On the Kubernetes Roles list, click the overflow menu (…) next to the role.
Select Delete Role.
Confirm the role name to proceed.

Deleting a role removes it from the cluster. You must also clean up any RoleBindings that referenced the role. The UI will show a warning if bindings are still present.

Manage RoleBindings

From the Role Perspective

Open a role (Role or ClusterRole) from the Kubernetes Roles tab.
Go to the RoleBindings tab.
Use the search bar (supports name and label filters) to locate existing bindings.
Actions:
- Create RoleBindings: Launches the creation wizard.
- Update Role: Opens the YAML editor for the role itself.
- Delete Binding: Removes the RoleBinding/ClusterRoleBinding after confirmation.

From Users or User Groups

Open Users (or User Groups) and select the desired entry.
Switch to the Kubernetes Roles tab.
Review all RoleBindings associated with the user/group across clusters.
Click Add RoleBinding, choose:
- Cluster
- Binding type (RoleBinding/ClusterRoleBinding)
- Role/ClusterRole
- Namespace (for RoleBinding)
- Subject details
Save the binding.

This workflow complements the existing Platform Roles tab, which is still used to attach system roles to users.

Best Practices

Use staging clusters to validate YAML changes before applying them to production.
Keep role definitions under version control (for example, export them into Git) so that changes remain auditable.
When in doubt about required permissions, start from a system role`s YAML, copy it locally, and adapt it as a Kubernetes role through the new UI.

View full docs as PDF

Manage Roles After the RBAC Refactor

This guide explains how to work with roles in ACP 4.2 and later:

View platform-provided roles (read-only) and download their YAML
Update or delete native Kubernetes roles
Manage RoleBinding/ClusterRoleBinding objects from the Roles UI or from user/user-group pages

View Platform Roles (Read-Only)

Platform roles remain the canonical templates for core functionality.

In the left navigation bar, click Users > Platform Roles.
Use the list filters to locate a role. The Role Type column now shows Platform, Project, Namespace, or Cluster.
Click the role name to open the detail page.
Switch to the YAML tab to inspect the exact definition. Use Download YAML if you need to archive the spec.

NOTE

Create/Copy/Update/Delete actions are intentionally disabled. To request changes, submit a role-template update to the owning product team.

Update a Kubernetes Role

Navigate to Users > Platform Roles > Kubernetes Roles.
Search by name or label.
Click the role name, then open the YAML tab.
Click Edit, modify the manifest (labels, annotations, or rules), and click Save.
Review the RoleBindings tab to ensure existing bindings still meet your expectations.

Delete a Kubernetes Role

On the Kubernetes Roles list, click the overflow menu (…) next to the role.
Select Delete Role.
Confirm the role name to proceed.

Deleting a role removes it from the cluster. You must also clean up any RoleBindings that referenced the role. The UI will show a warning if bindings are still present.

Manage RoleBindings

From the Role Perspective

Open a role (Role or ClusterRole) from the Kubernetes Roles tab.
Go to the RoleBindings tab.
Use the search bar (supports name and label filters) to locate existing bindings.
Actions:
- Create RoleBindings: Launches the creation wizard.
- Update Role: Opens the YAML editor for the role itself.
- Delete Binding: Removes the RoleBinding/ClusterRoleBinding after confirmation.

From Users or User Groups

Open Users (or User Groups) and select the desired entry.
Switch to the Kubernetes Roles tab.
Review all RoleBindings associated with the user/group across clusters.
Click Add RoleBinding, choose:
- Cluster
- Binding type (RoleBinding/ClusterRoleBinding)
- Role/ClusterRole
- Namespace (for RoleBinding)
- Subject details
Save the binding.

This workflow complements the existing Platform Roles tab, which is still used to attach system roles to users.

Best Practices

Use staging clusters to validate YAML changes before applying them to production.
Keep role definitions under version control (for example, export them into Git) so that changes remain auditable.
When in doubt about required permissions, start from a system role`s YAML, copy it locally, and adapt it as a Kubernetes role through the new UI.

ACP CLI (ac)

Node Management

Managed Clusters

Import Clusters

Public Cloud Cluster Initialization

Network Initialization

Storage Initialization

How to

How to

Backup Management

Recovery Management

Guides

How To

Kube OVN

alb

Trouble Shooting

Concepts

Guides

How To

Troubleshooting

Object Storage

Guides

How To

Install

Concepts

Guides

How To

Disaster Recovery

Concepts

Guides

How To

Guides

How To

ALB Operator

Compliance

HowTo

API Refiner

User

Guides

Group

Guides

Role

Guides

IDP

Guides

Troubleshooting

User Policy

Guides

Overview

Images

Guides

How To

Virtual Machine

Guides

How To

Troubleshooting

Network

Guides

How To

Storage

Guides

Backup and Recovery

Guides

Concepts

Namespaces

Creating Applications

Operation and Maintaining Applications

Application Rollout

KEDA(Kubernetes Event-driven Autoscaling)

How To

Workloads

Configurations

Application Observability

How To

How To

Install

How To

Overview

Install

Upgrade