Role Permissions¶
Horizon implements a role-based access control model to manage permissions across different entities in the service.
Role Model Overview¶
Roles are defined within the context of namespaces, with the exception of the superadmin role. A user can be associated with one, several, or no namespaces at all.
GUEST: User without a specific namespace assignment, having limited access rights. This is a default role.
DEVELOPER: Users with development-related permissions.
MAINTAINER: Users with permissions similar to developers but with additional rights in certain areas.
OWNER: Users with full permissions within their owned namespaces and associated HWMs.
SUPERADMIN: Users with full system-wide permissions.
Namespace Permissions¶
Role |
Create |
Read |
Update |
Delete |
Manage Users |
|---|---|---|---|---|---|
GUEST |
|
|
|
|
|
DEVELOPER |
|
|
|
|
|
MAINTAINER |
|
|
|
|
|
OWNER |
|
|
|
|
|
SUPERADMIN |
|
|
|
|
|
HWM Permissions¶
Role |
Create |
Read |
Update |
Delete |
|---|---|---|---|---|
GUEST |
|
|
|
|
DEVELOPER |
|
|
|
|
MAINTAINER |
|
|
|
|
OWNER |
|
|
|
|
SUPERADMIN |
|
|
|
|
Superadmin Role¶
The SUPERADMIN role grants a user unrestricted access across all entities and operations within the Horizon service.
Users with the SUPERADMIN role can create, read, update, delete, and manage users across all namespaces and HWMs without any restrictions.
For details on how to update SUPERADMIN roles via the command-line script, see the Manage Admins.