RBAC role management using pxctl
Overview
Starting with version 2.1, Portworx introduced support for RBAC. This document outlines how to manage your own custom roles for fine-grained access control within your Portworx clusters.
Default Roles
Portworx comes with a few standard roles that you can use when issuing tokens to users:
- system.admin: can run any command
- system.view: can only run read-only commands
- system.user: can only access volume lifecycle commands
- system.guest: similar to system.user, but for public volumes only.
All of these roles are immutable, except for system.guest. Admins may update the system.guest role to change how Portworx RBAC handles unauthenticated users.
Custom Roles
pxctl role gives you more fine-grained control over what users can do within your clusters. Run the pxctl role command with the --help flag to list the available subcommands and flags.