Access Control

Overview

Supports granting and revoking access permissions to Kubernetes clusters managed by the organization for QueryPie users and groups. Access Control represents the final step in implementing and applying Kubernetes access permissions.

Administrator > Kubernetes > K8s Access Control > Access Control

Viewing Access Control Status

Administrator > Kubernetes > K8s Access Control > Access Control > List Details

Navigate to Administrator > Kubernetes > K8s Access Control > Access Control menu.
You can search by user/group name using the search box in the top left of the table.
You can refresh the user/group list using the refresh button in the top right of the table.
The table list exposes the following information for each user/group:
1. User Type : User/group type
2. Provider : Represents the ledger of the user/group
3. Name : User/group name
4. Members : List of members belonging to the group
5. Roles : Number of granted Roles
Click on a row in the Access Control list to move to the detailed page for the target user/group.
1. Roles
2. This is the default tab where you can view the list of granted Roles.
3. You can search by Role name.
4. The list exposes the following information for each Role:
  1. Name : Role name
  2. Description : Role detailed description
  3. Expiration Date : Expiration date
  4. Last Access At : Last call date and time for the role
  5. Granted At : Date and time when the Role was granted to the user/group
  6. Granted By : Administrator name who granted the Role to the user/group
5. Click on each Role row to provide detailed information of the Role in drawer format.
  1. Basic information is exposed at the top as follows:
    1. Name : Role name
      - (You can open the Role detailed page link in a new window.)
    2. Description : Role detailed description
    3. Granted At : Date and time when the Role was granted to the user/group
    4. Granted By : Administrator name who granted the Role to the user/group
    5. Last Access At : Last call date and time for the role
    6. Expiration Date : Expiration date
  2. Policies assigned to the role are exposed as a list at the bottom.
    1. Name : Policy name
      - (Provides a link to view policy information.)
    2. Description : Policy detailed description
    3. Version : Policy version
    4. Assigned At : Assignment date and time
    5. Assigned By : Administrator name who assigned the policy
6. Clusters
  1. Lists Kubernetes clusters accessible through granted Roles.
  2. You can search by Cluster name and Role name.
  3. The list exposes the following information for each cluster:
    1. Name : Cluster name
    2. Version : Kubernetes version
    3. API URL : Cluster API URL
    4. Cloud Provider : Connected platform (displayed as hyphen for manual clusters)
    5. Tags : List of tags attached to the cluster
    6. Role : List of related Roles
    7. Created At : Cluster initial creation date and time
    8. Updated At : Cluster last modification date and time

Processing Method for Granted Roles with Expired Expiration Date

For Roles that have reached the Expiration Date among Roles granted to users or groups, the following actions occur:
- The Role row is automatically removed from the Roles tab in the Access Control detailed page.
- The cluster row that was accessible through the Role is automatically removed from the Clusters tab in the Access Control detailed page.
- A “Role Revoked” log is left in Audit > Kubernetes > Kubernetes Role History with Action By marked as “System”.