Alauda Container Platform

Manage User Roles

Platform administrators can manage roles for other users (not their own account) to grant or revoke permissions. After the RBAC refactor, role assignments are split into Platform Roles (system templates) and Kubernetes Roles (native RoleBinding objects).

TOC

Assign Platform Roles (System Templates)

Use this tab to bind or unbind the predefined platform/project/namespace roles that the product ships with.

Steps

  1. In the left navigation bar, click Users > User Management.
  2. Click the username of the target user.
  3. Open the Platform Roles tab.
  4. Click Add Role.
  5. In the dialog:
    • Select a role from the Role Name dropdown.
    • Choose the scope (Cluster / Project / Namespace) if prompted.
    • Click Add.
NOTE

Notes for platform roles:

  • Only the predefined system roles are available here; they cannot be edited or duplicated.
  • A role can only be bound once per scope. Already-bound roles are disabled in the dropdown.
  • The built-in Cluster Administrator role cannot be reassigned for the global cluster.

Remove Platform Roles

  1. Stay on the Platform Roles tab.
  2. Click Remove next to the role you want to unbind.
  3. Confirm the removal.

Bind Kubernetes Roles (RoleBinding / ClusterRoleBinding)

Use this tab to grant fine-grained permissions through native Kubernetes roles that exist inside specific clusters.

Steps

  1. On the user detail page, switch to the Kubernetes Roles tab.
  2. Click Add RoleBinding.
  3. Configure the binding:
    • Cluster: Target cluster that hosts the role.
    • Binding Type: RoleBinding (namespace scope) or ClusterRoleBinding.
    • Namespace: Required when RoleBinding is selected.
    • Role Name: Choose an existing Role or ClusterRole.
    • Subject: Confirm the current user as the binding subject.
  4. Click Create.

Remove Kubernetes RoleBindings

  1. Remain on the Kubernetes Roles tab.
  2. Locate the binding (filter by cluster, namespace, or role if needed).
  3. Click Remove and confirm.
WARNING

Role management permissions:

  • Only platform administrators can manage other users' roles.
  • Users cannot modify roles or bindings for their own account.