EWC Kubernetes Service (K8S) defines three roles for managing user permissions: owner, editor, and viewer. These roles are hierarchical, meaning each role inherits the permissions of the one below it:
- Viewer: Provides read-only access to view project (tenancy) resources.
- Editor: Includes all permissions of the viewer, with the additional ability to create, edit, and delete clusters within the project.
- Owner: Includes all permissions of the editor, with the added capability to manage permissions and access for the project.

These roles in K8S are mapped to IAM roles, and assigning a role to a user is managed through IAM.

The IAM roles and their corresponding KKP roles are as follows:

- ewc-app-admin → Owner
- ewc-app-maintainer → Editor
- ewc-app-user → Viewer
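
The following access-review sketch is an added example, not code from the EWC documentation. It resolves IAM roles to the inherited permission set and flags owner-level access that is not on an approved list. The permission labels, user names, and the rule that the highest mapped role wins when a user holds several IAM roles are assumptions made for illustration.

```python
# Added example: permission labels and sample assignments are constructed.
IAM_TO_KKP = {
    "ewc-app-admin": "owner",
    "ewc-app-maintainer": "editor",
    "ewc-app-user": "viewer",
}
# Lowest to highest; each role inherits everything from the roles before it.
HIERARCHY = ["viewer", "editor", "owner"]
# Hypothetical labels summarising what each role adds on top of the one below.
ADDED_PERMS = {
    "viewer": {"view_resources"},
    "editor": {"create_cluster", "edit_cluster", "delete_cluster"},
    "owner": {"manage_access"},
}

def effective_role(iam_roles):
    """Highest KKP role granted by the IAM roles, or None (assumption: highest wins)."""
    ranks = [HIERARCHY.index(IAM_TO_KKP[r]) for r in iam_roles if r in IAM_TO_KKP]
    return HIERARCHY[max(ranks)] if ranks else None

def effective_permissions(kkp_role):
    """Union of the role's own permissions and those of every role below it."""
    if kkp_role is None:
        return set()
    perms = set()
    for role in HIERARCHY[: HIERARCHY.index(kkp_role) + 1]:
        perms |= ADDED_PERMS[role]
    return perms

def audit(assignments, approved_owners):
    """Return (user, finding) pairs for unmapped roles and unapproved owners."""
    findings = []
    for user, roles in sorted(assignments.items()):
        unknown = sorted(set(roles) - set(IAM_TO_KKP))
        if unknown:
            findings.append((user, "unmapped IAM roles: " + ", ".join(unknown)))
        if effective_role(roles) == "owner" and user not in approved_owners:
            findings.append((user, "owner access not on approved list"))
    return findings

# Constructed sample data: user -> IAM roles as exported from IAM.
SAMPLE = {
    "alice": ["ewc-app-admin"],
    "bob": ["ewc-app-user", "ewc-app-maintainer"],
    "carol": ["ewc-app-admin", "ewc-app-user"],
    "dave": ["ewc-app-viewer"],  # not one of the three defined IAM roles
}

if __name__ == "__main__":
    for user, finding in audit(SAMPLE, approved_owners={"alice"}):
        print(f"{user}: {finding}")
```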