Access Control
The Access Control module manages users, roles, and permissions within the MAR platform.
Overview
The Access Control page provides three tabs for managing access:
- Users - Manage user accounts and their status
- Roles - Define roles and their permissions
- Role Bindings - Assign roles to users for specific scopes
Users Tab
User Properties
| Property | Description |
|---|---|
| Name | User’s display name |
| User’s email address (also used for login) | |
| Role | Assigned role |
| Status | Account status (active, inactive, pending) |
| Last Active | Time since last login |
| Projects | Projects the user has access to |
User Statuses
- Active - User can log in and access resources
- Inactive - User account is disabled
- Pending - User has been invited but hasn’t accepted
Inviting Users
- Click the Invite User button
- Enter the user’s name (optional) and email
- Select a role for the user
- Click “Send Invite”
Managing Users
- View - See user details
- Edit - Modify user properties
- Delete - Remove user from the system
Roles Tab
Role Properties
| Property | Description |
|---|---|
| Name | Role identifier |
| Description | Brief description of the role |
| Scope | Level of access (org or project) |
| Permissions | List of permissions granted |
| Users | Number of users with this role |
Role Scope
- Organization (org) - Role applies to the entire organization
- Project - Role applies to specific projects only
Available Permissions
Permissions are organized by resource type:
| Category | Permissions |
|---|---|
| Clusters | clusters:read, clusters:create, clusters:update, clusters:delete |
| Instances | instances:read, instances:create, instances:update, instances:delete, instances:start, instances:stop, instances:restart |
| Config Profiles | config-profiles:read, config-profiles:create, config-profiles:update, config-profiles:delete |
| Monitoring | monitoring:read, monitoring:write |
| Alerts | alerts:read, alerts:create, alerts:update, alerts:delete |
| Webhooks | webhooks:read, webhooks:create, webhooks:update, webhooks:delete |
| Access Control | access:read, access:manage |
Creating Roles
- Click the New Role button
- Enter role name and description
- Select scope (org or project)
- Choose permissions for the role
- Click “Create Role”
Built-in Roles
The platform includes several default roles:
- Platform Admin - Full access to all resources and settings (org scope)
- Operator - Manage clusters, instances, and configurations (project scope)
- Developer - View resources and manage deployments (project scope)
- Viewer - Read-only access to resources (project scope)
Role Bindings Tab
Role bindings connect users to roles at specific scopes.
Binding Properties
| Property | Description |
|---|---|
| User | The user assigned the role |
| Role | The role being assigned |
| Scope | The scope (org:organization or project:project) |
| Granted At | When the binding was created |
| Granted By | Who created the binding |
Managing Bindings
- View which roles are assigned to which users
- Delete bindings to remove role assignments
- Track who granted access and when
Last updated on