
Access Control

Overview

QueryPie supports granting and revoking access permissions to Kubernetes clusters managed by the organization for QueryPie users and groups. Access Control is the final step in implementing and applying Kubernetes access permissions.

Administrator > Kubernetes > K8s Access Control > Access Control


Viewing Access Control Status

Administrator > Kubernetes > K8s Access Control > Access Control > List Details


  1. Navigate to the Administrator > Kubernetes > K8s Access Control > Access Control menu.
  2. You can search by user/group name using the search box at the top left of the table.
  3. You can refresh the user/group list using the refresh button at the top right of the table.
  4. The table displays the following information for each user/group:
    1. User Type : User/group type
    2. Provider : Represents the identity source of the user/group
    3. Name : User/group name
    4. Members : List of members belonging to the group
    5. Roles : Number of granted Roles
  5. Clicking a row in the Access Control list navigates to the detail page for the target user/group.
    1. Roles
      1. This is the default tab where you can view the list of granted Roles.
      2. You can search by Role name.
      3. The list displays the following information for each Role:
        1. Name : Role name
        2. Description : Role description
        3. Expiration Date : Expiration date
        4. Last Access At : Date and time of the last invocation of the Role
        5. Granted At : Date and time when the Role was granted to the user/group
        6. Granted By : Name of the administrator who granted the Role to the user/group
      4. Clicking each Role row displays the detailed information of the Role in a drawer format.
        1. Basic information is displayed at the top as follows:
          1. Name : Role name
            • (You can open the Role detail page link in a new window.)
          2. Description : Role description
          3. Granted At : Date and time when the Role was granted to the user/group
          4. Granted By : Name of the administrator who granted the Role to the user/group
          5. Last Access At : Date and time of the last invocation of the Role
          6. Expiration Date : Expiration date
        2. The policies assigned to the Role are displayed as a list at the bottom.
          1. Name : Policy name
            • (Provides a link to view the policy information.)
          2. Description : Policy description
          3. Version : Policy version
          4. Assigned At : Assignment date and time
          5. Assigned By : Name of the administrator who assigned the policy
    2. Clusters
      1. Lists the Kubernetes clusters accessible through the granted Roles.
      2. You can search by Cluster name or Role name.
      3. The list displays the following information for each cluster:
        1. Name : Cluster name
        2. Version : Kubernetes version
        3. API URL : Cluster API URL
        4. Cloud Provider : Connected platform (displayed as a hyphen for manual clusters)
        5. Tags : List of tags attached to the cluster
        6. Role : List of related Roles
        7. Created At : Cluster initial creation date and time
        8. Updated At : Cluster last modification date and time

How Granted Roles Past Their Expiration Date Are Handled

  • When a Role granted to a user or group reaches its Expiration Date, the following actions occur:
    • The Role row is automatically removed from the Roles tab on the Access Control detail page.
    • The cluster row that was accessible through the Role is automatically removed from the Clusters tab on the Access Control detail page.
    • A “Role Revoked” log is recorded in Audit > Kubernetes > Kubernetes Role History, and Action By is marked as “System”.