Manage Roles After the RBAC Refactor

This guide explains how to work with roles in ACP 4.2 and later:

  • View platform-provided roles (read-only) and download their YAML
  • Update or delete native Kubernetes roles
  • Manage RoleBinding/ClusterRoleBinding objects from the Roles UI or from user/user-group pages

View Platform Roles (Read-Only)

Platform roles remain the canonical templates for core functionality.

  1. In the left navigation bar, click Users > Platform Roles.
  2. Use the list filters to locate a role. The Role Type column now shows Platform, Project, Namespace, or Cluster.
  3. Click the role name to open the detail page.
  4. Switch to the YAML tab to inspect the exact definition. Use Download YAML if you need to archive the spec.

NOTE

Create/Copy/Update/Delete actions are intentionally disabled. To request changes, submit a role-template update to the owning product team.

Update a Kubernetes Role

  1. Navigate to Users > Platform Roles > Kubernetes Roles.
  2. Search by name or label.
  3. Click the role name, then open the YAML tab.
  4. Click Edit, modify the manifest (labels, annotations, or rules), and click Save.
  5. Review the RoleBindings tab to ensure existing bindings still meet your expectations.

Delete a Kubernetes Role

  1. On the Kubernetes Roles list, click the overflow menu (…) next to the role.
  2. Select Delete Role.
  3. Confirm the role name to proceed.

Deleting a role removes it from the cluster. You must also clean up any RoleBindings that referenced the role. The UI will show a warning if bindings are still present.
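
To find bindings left behind after a role is deleted, the following added example (not part of ACP or its documentation) scans JSON shaped like the output of `kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json` for bindings whose roleRef no longer resolves. The sample objects and names such as `pod-reader` and `legacy-ops` are constructed for illustration.

```python
import json

# Constructed sample, shaped like the output of:
#   kubectl get roles,clusterroles,rolebindings,clusterrolebindings -A -o json
SAMPLE = json.loads("""
{"kind": "List", "items": [
  {"kind": "ClusterRole", "metadata": {"name": "view"}},
  {"kind": "Role", "metadata": {"name": "pod-reader", "namespace": "dev"}},
  {"kind": "RoleBinding", "metadata": {"name": "dev-readers", "namespace": "dev"},
   "roleRef": {"kind": "Role", "name": "pod-reader"},
   "subjects": [{"kind": "Group", "name": "dev-team"}]},
  {"kind": "RoleBinding", "metadata": {"name": "qa-readers", "namespace": "qa"},
   "roleRef": {"kind": "Role", "name": "pod-reader"},
   "subjects": [{"kind": "User", "name": "alice"}]},
  {"kind": "RoleBinding", "metadata": {"name": "qa-view", "namespace": "qa"},
   "roleRef": {"kind": "ClusterRole", "name": "view"},
   "subjects": [{"kind": "User", "name": "bob"}]},
  {"kind": "ClusterRoleBinding", "metadata": {"name": "old-ops"},
   "roleRef": {"kind": "ClusterRole", "name": "legacy-ops"},
   "subjects": [{"kind": "ServiceAccount", "name": "ops", "namespace": "kube-system"}]}
]}
""")


def find_dangling_bindings(resource_list):
    """Return bindings whose roleRef points at a Role/ClusterRole that is absent."""
    items = resource_list.get("items", [])
    roles = {(i["metadata"]["namespace"], i["metadata"]["name"])
             for i in items if i["kind"] == "Role"}
    cluster_roles = {i["metadata"]["name"] for i in items if i["kind"] == "ClusterRole"}

    dangling = []
    for item in items:
        if item["kind"] not in ("RoleBinding", "ClusterRoleBinding"):
            continue
        ref = item["roleRef"]
        ns = item["metadata"].get("namespace")  # None for ClusterRoleBinding
        if ref["kind"] == "Role":
            # A Role reference is resolved in the binding's own namespace.
            exists = (ns, ref["name"]) in roles
        else:
            exists = ref["name"] in cluster_roles
        if not exists:
            subjects = [f'{s["kind"]}/{s["name"]}' for s in item.get("subjects") or []]
            dangling.append((item["kind"], ns, item["metadata"]["name"],
                             f'{ref["kind"]}/{ref["name"]}', subjects))
    return dangling
```

A binding reported here grants nothing today, but its subjects would pick up whatever rules a future role created under the same name carries, which is why it should be removed rather than ignored.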

Manage RoleBindings

From the Role Perspective

  1. Open a role (Role or ClusterRole) from the Kubernetes Roles tab.
  2. Go to the RoleBindings tab.
  3. Use the search bar (supports name and label filters) to locate existing bindings.
  4. Actions:
    • Create RoleBindings: Launches the creation wizard.
    • Update Role: Opens the YAML editor for the role itself.
    • Delete Binding: Removes the RoleBinding/ClusterRoleBinding after confirmation.

From Users or User Groups

  1. Open Users (or User Groups) and select the desired entry.
  2. Switch to the Kubernetes Roles tab.
  3. Review all RoleBindings associated with the user/group across clusters.
  4. Click Add RoleBinding, choose:
    • Cluster
    • Binding type (RoleBinding/ClusterRoleBinding)
    • Role/ClusterRole
    • Namespace (for RoleBinding)
    • Subject details
  5. Save the binding.

This workflow complements the existing Platform Roles tab, which is still used to attach system roles to users.

Best Practices

  • Use staging clusters to validate YAML changes before applying them to production.
  • Keep role definitions under version control (for example, export them into Git) so that changes remain auditable.
  • When in doubt about required permissions, start from a system role's YAML, copy it locally, and adapt it as a Kubernetes role through the new UI.