Role-based Access Control for Logging
Rancher logging has two roles, logging-admin
and logging-view
.
-
logging-admin
gives users full access to namespacedFlows
andOutputs
-
logging-view
allows users to view namespacedFlows
andOutputs
, andClusterFlows
andClusterOutputs
Why choose one role over the other?
Edit access to |
In Rancher, the cluster administrator role is the only role with full access to all rancher-logging
resources. Cluster members are not able to edit or read any logging resources. Project owners and members have the following privileges:
Project Owners | Project Members |
---|---|
able to create namespaced |
only able to view the |
can collect logs from anything in their projects' namespaces |
cannot collect any logs in their projects' namespaces |
Both project owners and project members require at least one namespace in their project to use logging. If they do not, then they may not see the logging button in the top nav dropdown.