Access Control

Overview

QueryPie supports granting and revoking access permissions for Kubernetes clusters managed by your organization to users and groups. Access Control represents the final step in implementing and applying Kubernetes access permissions.

Administrator > Kubernetes > K8s Access Control > Access Control

Viewing Access Control Status

Administrator > Kubernetes > K8s Access Control > Access Control > List Details

Navigate to the Administrator > Kubernetes > K8s Access Control > Access Control menu.
You can search for users or groups by name using the search bar at the top left of the table.
You can click the filter button next to the search field to filter by user type and/or auth provider.
You can refresh the list of users/groups by clicking the refresh button at the top right of the table.
The table provides the following column information for each user/group:
1. User Type: The type of user or group.
2. Provider: The provider associated with the user or group.
3. Name: The name of the user or group.
4. Members: The list of members within a group.
5. Roles: The number of roles granted to the user or group.
Clicking on any row in the Access Control list will display detailed information about that user/group.
1. Roles
  1. This tab is displayed by default and shows the list of assigned roles.
  2. You can search for roles by name using the search bar.
  3. The table provides the following column information for each role:
    1. Name : Role name
    2. Description : Detailed description of the role
    3. Expiration Date : Expiration date of the granted role
    4. Last Access At : The last time this role was accessed
    5. Granted At : Date and time when the role was granted
    6. Granted By : Administrator who granted the role
  4. Clicking on any row will open a drawer with detailed information about that role.
    1. The top section displays basic information as follows:
      1. Name : Role name (with a link to open the role details page in a new window)
      2. Description : Detailed description of the role
      3. Granted At : Date and time when the role was granted
      4. Granted By : Administrator who granted the role
      5. Last Access At : The last time this role was accessed
      6. Expiration Date : Expiration date of the granted role
    2. The bottom section lists policies assigned to the role, with the following details:
      1. Name : Policy name (with a link to view policy details)
      2. Description : Detailed description of the policy
      3. Version : Policy version
      4. Assigned At : Date and time when the policy was assigned
      5. Assigned By : Administrator who assigned the policy
2. Clusters
  1. Lists Kubernetes clusters accessible via the assigned roles.
  2. You can search for clusters by name and role name.
  3. The table provides the following column information for each cluster:
    1. Name : Cluster name
    2. Version : Kubernetes version
    3. API URL : API URL of the cluster
    4. Cloud Provider : Connected platform (hyphenated for manual clusters)
    5. Tags : List of tags attached to the cluster
    6. Role : List of related roles
    7. Created At : Date and time when the cluster was initially created
    8. Updated At : Date and time when the cluster was last modified

Handling of Granted Roles Upon Expiration Date

When a role assigned to a user or group reaches its expiration date, the following actions occur:
- The expired role is automatically removed from the Roles tab in the Access Control details page.
- Any clusters accessible due to the expired role are automatically removed from the Clusters tab in the Access Control details page.
- A "Role Revoked" log entry is created in the Audit > Kubernetes > Kubernetes Role History. The "Action By" field for this log entry is marked as "System".

[data-colorid=t5ax47s2f9]{color:#0747a6} html[data-color-mode=dark] [data-colorid=t5ax47s2f9]{color:#5999f8}Overview

Viewing Access Control Status

Overview