RBAC for resources in the UI

Review how Gloo Mesh uses RBAC policies to decide what Gloo Mesh resources to display in the Gloo Mesh UI.

You can use Kubernetes RBAC to authorize users to view resources in the Gloo Mesh UI. To do so, you must use the Gloo Mesh UI dashboard settings to specify how to map users that were authenticated with the OIDC provider to users and their associated RBAC roles in the cluster.

RBAC permissions to view resources

To control access to Gloo Mesh resources, you set up Kubernetes RBAC. Users’ RBAC permissions control what resources they can see in the Gloo Mesh UI.

Minimum permissions: To see resources in the Gloo Mesh UI, a user must have view permissions to at least 1 workspace settings resource in RBAC.

Review the following table for more details about what users can see with certain permissions. The header row is if a user has permission only to that resource.

Permission Workspace Workspace setting Kubernetes cluster Resource in workspace Resource NOT in workspace Imported resource*
The resource's own YAML configuration file
Resource details within the workspace
Workspace summary details, such as number of namespaces or services
Cluster details, such as cluster names, Kubernetes version, and Istio version

* The visibility of imported resources depends on your access to the workspace settings. With access to the importing workspace settings only, you can see summary information such as the number of imported resources. With access to both the importing and exporting workspace settings, you can also see the resource details.