Within Portainer’s Role Base Access Control (RBAC) extension:
- Role is a predefined set of privileges.
- Privileges define rights to perform actions.
- Users are assigned roles and each role has specific privileges.
- To assign privileges, you pair a user or team with a role and associate that pairing with an endpoint or endpoint group.
- A single user or team can have different roles for different endpoints in the Portainer inventory.
There are four types of roles:
1) Endpoint Administrator has complete control over the resources deployed within a given endpoint, but is not able to make any changes to the infrastructure that underpins an endpoint (i.e. no host management), nor are they able to make any changes to Portainer internal settings.
2) Helpdesk has read-only access over the resources deployed within a given endpoint but is not able to make any changes to any resource, nor open a console to a container, or make changes to a container’s volumes.
3) Standard User has complete control over the resources that a user deploys, or if the user is a member of a team, complete control over the resources that users of that team deploy.
4) Read-Only User has read onlyread-only access over the resources they are entitled to see (resources created by members of their team, and public resources).
The Administrator role sits outside of these four roles, and effectively acts as a “Global Admin”. A user assigned this role has complete control over Portainer settings, and all resources on every endpoint under Portainer control.
The RBAC extension is licensed per Portainer instance per year. Upon completion of the purchase process the appropriate license will be emailed automatically.Portainer is unable to offer a trial license on this product. However a 90 day money back guarantee applies to all purchases.
NOTE: To use this extension, you must be running Portainer version 1.21.0 orhigher. Please check the version you are using in the bottom left of your Portainer instance.