KubeSphere is a multi-tenant container management platform. Like Kubernetes, it controls user permissions through Role-Based Access Control (RBAC) to achieve logical resource isolation.

Resources in KubeSphere are divided into four levels: Platform, Workspace, Cluster, and Project. All resources belong to these four resource levels, and each level can control user resource access permissions through roles. Each level has multiple built-in roles by default, and you can also create roles with custom permissions.

The workspace, as the smallest tenant unit, provides cross-cluster resource isolation capabilities. Members in a workspace can create projects in authorized clusters and invite users to participate in project collaboration.

This section describes how to control access permissions at the platform level in KubeSphere, including the management of users and platform roles.

For access control at the cluster level, please refer to Cluster Roles. For access control at the workspace level, please refer to Workspace Roles. For access control at the project level, please refer to Project Roles.