With the introduction of the Portainer.io Role-Based Access Control (RBAC) extension, it is now possible to further refine the access privileges available natively within Portainer through the addition of four new roles.
With a GUI based tool like Portainer, you can leave the complex CLI commands behind and focus on delivering outstanding software. Portainer CE lets you skip up the learning curve and get your docker environments up and running quickly. Once you are up and running, Portainer CE gives you the tools (and the built-in knowledge of our experts) to keep your environments up.
Once licensed and enabled, the extension allows you to create fine-grained access for users across all resources and all endpoints defined within Portainer.
A role is a predefined set of privileges. Privileges define rights to perform actions. Users are assigned roles and each role has specific privileges. To assign privileges, you pair a user or team with a role and associate that pairing with an endpoint or endpoint group.
A single user or team can have different roles for different endpoints in the Portainer inventory.
The access control available with this extension is sophisticated and can become complex. Here is an example:
Assume that you have two endpoints defined in your inventory, Production and Development. You assign the Developers team the Endpoint Administrator role against Development, and the Helpdesk role against Production.
You then assign the IT Ops team the Endpoint Administrator role against Production, and the Helpdesk role against Development.
In an Agile team, there may be a developer who also needs rights to make changes in Production, and in that instance, you can override roles assigned to teams with a role assigned to a specific user, so in this example, the user Bob who is a member of the Developers team, could have the Endpoint Administrator role assigned to him (but not the rest of his team) for Production.
Outside of these four roles, there is the built-in role of “Administrator” which is effectively a “Global Admin”. A user assigned this role has complete control over Portainer settings, and all resources on every endpoint under Portainer control.
Note: The Portainer RBAC Extension requires Portainer CE version 1.21.0 or later
Take a closer look at what the new RBAC extension offers here
Extension subscriptions are available from the Extensions menu in the sidebar of the Portainer app. Alternatively,purchase a license for the RBAC extension here. The RBAC extension is licensed per Portainer instance per year. Upon completion of the purchase process the appropriate license will be emailed automatically.
Portainer is unable to offer a trial license on this product. However a 90 day money back guarantee applies to all purchases
To download the user guides for the RBAC extension, please click here
Take advantage of our cost effective support options to keep your Portainer environments running smoothly
Add a range of advanced capability through Portainer Extensions
Access the detailed function reference here