Before you get started, make sure you:
✓ Familiarize yourself with TSB concepts
✓ Install the TSB demo environment
✓ Deploy the Istio Bookinfo sample app
✓ Create a Tenant
✓ Create a Workspace
✓ Create Config Groups
In this scenario, you will use the different AccessBindings to configure two
- A policy that grants a team full access to a Workspace. The members of the
team will be able to create and fully manage the resources in that Workspace,
but won't be able to modify the Workspace object itself. This is achieved by
- A policy that grants a specific user write permissions to a Group. The user
will be able to modify the settings for that group and its contained
configuration objects but won't be able to create new resources or delete the
existing ones. This is achieved by using the
Using the UI
- Under Tenant on the left panel, select Workspaces.
- Click the desired Workspace to access its details page.
- Click the Permissions tab.
- To see the list of teams, select the By Teams option.
- The list of existing teams will appear.
- Scroll to the desired one and click the Edit icon on the right.
- Select the
- Click the Save Changes button at the bottom right.
To grant a user write permissions on a specific config group, repeat the same process for the Group:
- Navigate to the Group's Permissions tab.
- Use the By Users view to find the desired User.
- Click the Edit icon and select the
- Click the Save Changes button at the bottom right.
Create the following access-policy.yaml file with the WorkspaceAccessBindings and the

    - role: rbac/creator
    # Change the name of the team to the desired one
    - team: organizations/tetrate/teams/application-team

    - role: rbac/writer
    # Change the name of the user to the desired one
    - user: organizations/tetrate/users/group-user

tctl apply -f access-policy.yaml
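
A review gate for the two policies described above, written as an added example and not taken from the TSB documentation or tooling: it flattens the bindings into individual grants and reports any role or subject that was not approved before the file is applied. It assumes the documents are already parsed from YAML and that roles and subjects sit under `spec.allow[].subjects[]`; the function names, the second `kind` value and the `BAD` sample are constructed for illustration.

```python
import re

# Subjects on this page are fully qualified: organizations/<org>/<teams|users>/<name>.
SUBJECT_RE = re.compile(r"^organizations/([^/\s]+)/(teams|users)/([^/\s]+)$")
PATH_FOR_KEY = {"team": "teams", "user": "users"}

def flatten_grants(docs):
    """Yield (kind, role, key, subject) for every subject in every allow entry."""
    for doc in docs:
        for binding in doc.get("spec", {}).get("allow", []):
            for subject in binding.get("subjects", []):
                for key, value in subject.items():
                    yield doc.get("kind"), binding.get("role"), key, value

def review(docs, org, approved_roles):
    """Return findings; an empty list means only approved grants are present."""
    findings = []
    for kind, role, key, value in flatten_grants(docs):
        if role not in approved_roles:
            findings.append(f"{kind}: role {role} not approved for {value}")
        match = SUBJECT_RE.match(str(value))
        if key not in PATH_FOR_KEY or not match:
            findings.append(f"{kind}: malformed subject {key}={value}")
        elif match.group(1) != org:
            findings.append(f"{kind}: {value} is outside organization {org}")
        elif match.group(2) != PATH_FOR_KEY[key]:
            findings.append(f"{kind}: key '{key}' does not match path {value}")
    return findings

# Constructed sample documents (already parsed from YAML). The spec.allow[].subjects[]
# nesting is an assumption; the second kind is a placeholder, not a real TSB kind.
GOOD = [
    {"kind": "WorkspaceAccessBindings", "spec": {"allow": [
        {"role": "rbac/creator",
         "subjects": [{"team": "organizations/tetrate/teams/application-team"}]}]}},
    {"kind": "GROUP-BINDINGS-KIND-PLACEHOLDER", "spec": {"allow": [
        {"role": "rbac/writer",
         "subjects": [{"user": "organizations/tetrate/users/group-user"}]}]}},
]
BAD = [  # constructed: unapproved role, team key on a users path, foreign organization
    {"kind": "WorkspaceAccessBindings", "spec": {"allow": [
        {"role": "rbac/constructed-broad-role",
         "subjects": [{"team": "organizations/tetrate/users/group-user"},
                      {"user": "organizations/other-org/users/group-user"}]}]}},
]

if __name__ == "__main__":
    approved = {"rbac/creator", "rbac/writer"}
    print(review(GOOD, "tetrate", approved))
    for finding in review(BAD, "tetrate", approved):
        print(finding)
```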