RBAC for resources in the UI

You can use Kubernetes RBAC to authorize users to view resources in the Gloo UI. To do so, you must use the Gloo UI dashboard settings to specify how to map users that were authenticated with the OIDC provider to users and their associated RBAC roles in the cluster.

RBAC permissions to view resources

To control access to Gloo Mesh Enterprise resources, you set up Kubernetes RBAC. Users’ RBAC permissions control what resources they can see in the Gloo UI.

Minimum permissions: To see resources in the Gloo UI, a user must have view permissions to at least 1 workspace settings resource in RBAC.

Review the following table for more details about what users can see with certain permissions. The header row is if a user has permission only to that resource.

Permission Workspace Workspace setting Kubernetes cluster Resource in workspace Resource NOT in workspace Imported resource*
Resource details within the workspace
Workspace summary details, such as number of namespaces or services
Cluster details, such as cluster names, Kubernetes version, and Istio version

* The visibility of imported resources depends on your access to the workspace settings. With access to the importing workspace settings only, you can see summary information such as the number of imported resources. With access to both the importing and exporting workspace settings, you can also see the resource details.