RBAC Roles and Permissions
Overview
Role-Based Access Control (RBAC) in Thalassa Cloud provides fine-grained access control through roles and permissions. RBAC allows you to define what actions users, teams, and service accounts can perform on specific resources.
RBAC Components
Roles
Roles define sets of permissions that can be assigned to subjects (organisation members, teams, or service accounts):
- Predefined Roles: Common role templates for typical use cases
- Custom Roles: Create custom roles with specific permission combinations
- Granular Permissions: Define access at the resource and permission level
Role Bindings
Role bindings connect roles to subjects and define the scope of access. A binding assigns a role to an individual member, a team, or a service account.
Permissions
Permissions define specific actions that can be performed on resources:
- Permissions, such as create, read/list, update, and delete operations on resources
- API resource
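How the three components above combine into an access decision, as an added conceptual example (not Thalassa Cloud's API or code). The class names, fields, resource names and sample data are constructed, and the rule that a team binding also applies to the team's members is an assumption.

```python
from dataclasses import dataclass

# Conceptual model: names, fields and sample data are constructed for
# illustration and are not Thalassa Cloud's API or schema.
@dataclass(frozen=True)
class Role:
    name: str
    rules: dict          # resource -> set of permitted actions

@dataclass(frozen=True)
class Binding:
    role: str
    subject: str         # "user:...", "team:..." or "serviceaccount:..."

def identities(subject, teams):
    """Assumption: a member also holds every binding made to their teams."""
    return {subject} | {t for t, members in teams.items() if subject in members}

def is_allowed(subject, action, resource, roles, bindings, teams):
    """Default deny: allow only when a bound role lists the action for the resource."""
    ids = identities(subject, teams)
    for b in bindings:
        role = roles.get(b.role)          # None if the binding's role no longer exists
        if b.subject in ids and role and action in role.rules.get(resource, ()):
            return True
    return False

def who_can(action, resource, roles, bindings):
    """Audit helper: bound subjects whose role permits the action on the resource."""
    return sorted({b.subject for b in bindings
                   if b.role in roles and action in roles[b.role].rules.get(resource, ())})

# Constructed sample data (role names follow the page's examples).
ROLES = {
    "frontend-developer": Role("frontend-developer",
                               {"deployments": {"read", "list", "update"}}),
    "data-analyst": Role("data-analyst", {"databases": {"read", "list"}}),
}
BINDINGS = [
    Binding("frontend-developer", "team:web"),
    Binding("data-analyst", "serviceaccount:reports"),
    Binding("retired-role", "user:bob"),   # dangling binding grants nothing
]
TEAMS = {"team:web": {"user:alice"}}

if __name__ == "__main__":
    print(is_allowed("user:alice", "update", "deployments", ROLES, BINDINGS, TEAMS))
    print(who_can("read", "databases", ROLES, BINDINGS))
```

Running `who_can` for sensitive actions such as delete is a quick way to review which bindings grant more than a subject needs.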
Creating Custom Roles
Step 1: Role Definition
- Navigate to IAM: Go to the IAM section in your organisation dashboard
- Select “Roles”: Click on the “Roles” tab
- Create Custom Role: Click the “Create Role” button
- Role Details: Fill in the role information:
  - Role Name: Choose a descriptive name (e.g., “frontend-developer”, “data-analyst”)
  - Description: Provide a clear description of the role’s purpose
Step 2: Permission Rule Assignment
Assign specific permissions to the role:
- Select Resources: Choose the resources this role can access
- Define Permissions: Specify what permissions/actions can be performed on each resource
Role Binding Management
Creating Role Bindings
Individual Binding:
- Navigate to the subject’s management page
- Click “Add Role Binding”
- Select the role to assign
- Define the binding scope (resources, time limits)
- Apply the role binding
From the role:
- Navigate to the role page
- Click “Bind Role” on the role bindings table
- Select the principal to bind the role to.
- Click submit.