Controlling User Permissions
This section introduces how to create users and control their access permissions using workspaces, projects, and roles. For more information on user permission control, please refer to User and Role Management.
As a multi-tenant system, KubeSphere supports controlling user permissions based on roles at the platform, cluster, workspace, and project levels, achieving logical resource isolation.
Create a User
- Log in to the KubeSphere web console using the default user admin and password P@88w0rd.
  Note: For your account security, the system will prompt you to change the password upon first login. After changing the password, please use the new password for subsequent logins.
- Click User and Role Management.
- In the left navigation pane, select Users.
- On the Users page, click Create.
- In the Create User dialog box, enter the following required parameters:
  - Username: The name of the user.
  - Email: The email address of the user.
  - Password: The password for the user.
- Click OK. The created user will appear in the user list.
Create a Workspace
- Go to the Workspace Management page and click Create.
- On the Basic Information tab, enter a name for the workspace (e.g., demo-workspace), then click Next.
- On the Cluster Settings tab, select the cluster(s) to be authorized to this workspace (multiple clusters can be selected simultaneously), then click OK.
  The created workspace will appear in the workspace list.
Create a Workspace Role
- On the Workspace List page, click the workspace name demo-workspace to enter it.
- In the left navigation pane, select Workspace Settings > Workspace Roles.
  The Workspace Roles page lists the following four built-in roles by default.
  - workspace-viewer: Workspace viewer, can view all resources in the workspace.
  - workspace-self-provisioner: Workspace regular member, can view workspace settings, manage application templates, and create projects.
  - workspace-regular: Workspace regular member, can view workspace settings.
  - workspace-admin: Workspace administrator, can manage all resources in the workspace.
  Note: The names of built-in workspace roles are displayed in the format <workspace-name>-<role-name>. For example, in a workspace named demo-workspace, the actual role name for admin is demo-workspace-admin.
- On the Workspace Roles page, click Create.
- In the Create Workspace Role dialog box, enter a Name, then click Edit Permissions to continue.
- In the Edit Permissions dialog box, permissions are categorized under different functional modules.
  In this example, click Projects, and for this role, select Project Creation, Project Management, and Project Viewing.
  Note: Depends on indicates that the current permission item depends on the listed permission items. Checking this permission will automatically select all dependent permissions.
- Click OK. The newly created role will appear in the workspace role list.
Invite a User to the Workspace
- In the left navigation pane, select Workspace Settings > Workspace Members.
- On the Workspace Members page, click Invite.
- In the Invite Member dialog box, click the icon to the right of the user and assign a role for the user within the current workspace.
- Click OK. The invited user will appear in the workspace member list.
Create a Project
- In the left navigation pane, select Project Management > Project List.
- Click Create.
- In the Create Project dialog box, enter a Name for the project (e.g., demo-project).
  Note: For multi-cluster environments, you need to select the cluster where you want to create the project.
- Click OK. The created project will appear in the project list.
Create a Project Role
- In the left navigation pane, select Project Management > Project Roles.
- In the dropdown list at the top left of the page, select the demo-project project.
  The Project Roles page lists the following three built-in roles by default.
  - viewer: Project viewer, can view all resources in the project.
  - operator: Project operator, can manage all resources in the project except users and roles.
  - admin: Project administrator, can manage all resources in the project.
- On the Project Roles page, click Create.
- In the Create Role dialog box, enter a Name, then click Edit Permissions to continue.
- In the Edit Permissions dialog box, permissions are categorized under different functional modules.
  In this example, click Access Control, and for this role, select Member Viewing and Role Viewing.
  Note: Depends on indicates that the current permission item depends on the listed permission items. Checking this permission will automatically select all dependent permissions.
- Click OK. The newly created role will appear in the project role list.
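Because of the Depends on behaviour in both the workspace and project Edit Permissions dialogs, a role can end up granting more than the items that were ticked. The following Python is an added example, not KubeSphere code: it computes the effective permission set of a role and compares it with what the role was meant to grant. The dependency edges and the names Member Management and Role Management are hypothetical; the other permission names are the ones used on this page.

```python
# Added example: models the "Depends on" auto-selection in the Edit Permissions dialog.
# All dependency edges are constructed for illustration; read the real ones from the
# "Depends on" labels in your own console.
DEPENDS_ON = {
    "Project Viewing": [],
    "Project Creation": ["Project Viewing"],
    "Project Management": ["Project Viewing"],
    "Member Viewing": [],
    "Role Viewing": [],
    "Member Management": ["Member Viewing", "Role Viewing"],  # hypothetical item
    "Role Management": ["Role Viewing"],                      # hypothetical item
}


def effective_permissions(ticked, depends_on=DEPENDS_ON):
    """Return every permission the role holds once dependencies are auto-selected."""
    unknown = sorted(set(ticked) - set(depends_on))
    if unknown:
        raise ValueError(f"not in the catalogue: {unknown}")
    granted, stack = set(), list(ticked)
    while stack:  # iterative walk, terminates even if the catalogue has a cycle
        item = stack.pop()
        if item in granted:
            continue
        granted.add(item)
        stack.extend(depends_on.get(item, []))
    return granted


def review_role(ticked, intended, depends_on=DEPENDS_ON):
    """Compare the ticked items with the permissions the role was meant to grant."""
    granted = effective_permissions(ticked, depends_on)
    return {
        "auto_selected": sorted(granted - set(ticked)),    # added by "Depends on"
        "beyond_intent": sorted(granted - set(intended)),  # least-privilege drift
        "missing": sorted(set(intended) - granted),
    }


if __name__ == "__main__":
    # The project role from this page: nothing is pulled in beyond what was ticked.
    print(review_role(["Member Viewing", "Role Viewing"],
                      ["Member Viewing", "Role Viewing"]))
    # A role meant for member management only also receives Role Viewing.
    print(review_role(["Member Management"],
                      ["Member Viewing", "Member Management"]))
```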
Invite a User to the Project
- In the left navigation pane, select Project Management > Project Members.
- On the Project Members page, click Invite.
- In the Invite Member dialog box, click the icon to the right of the user and assign a role for the user within the current project.
- Click OK. The invited user will appear in the project member list.