KKP (Kubermatic Kubernetes Platform) defines three roles for managing user permissions: owner, editor, and viewer. These roles are hierarchical, meaning each role inherits the permissions of the one below it:
- Viewer: Provides read-only access to view project (tenancy) resources.
- Editor: Includes all permissions of the viewer, with the additional ability to create, edit, and delete clusters within the project.
- Owner: Includes all permissions of the editor, with the added capability to manage permissions and access for the project.
These roles in KKP are mapped to IAM roles, and assigning a role to a user is managed through IAM.
The IAM roles and their corresponding KKP roles are as follows:
- ewc-app-admin → Owner
- ewc-app-maintainer → Editor
- ewc-app-user → Viewer