Managing Users and RBAC
Cisco Container Platform provides Role-based Access Control (RBAC) through built-in static roles, namely the Administrator and User roles. Role-based access allows you to use local accounts and LDAP for authentication and authorization.
Configuring Local Users
Cisco Container Platform allows you to manage local users. An administrator can add a user, and assign an appropriate role and cluster(s) to the user.
Caution: Use of local authentication is not recommended and is considered less secure for production data.
Before you begin
For more information, see Configuring AD Servers.
Procedure
Step 1: From the left pane, click User Management, and then click the Users tab.
Step 2: Click NEW USER.
Step 3: Specify information such as first name, last name, username, passphrase, and role for the user.
Step 4: Click SUBMIT.
Changing Login Passphrase
Procedure
Step 1: From the left pane, click User Management, and then click the Users tab.
Step 2: From the drop-down list displayed under the ACTIONS column, choose Edit corresponding to your name.
Step 3: Change the passphrase and role assigned as necessary, and click SUBMIT.
Configuring AD Servers
LDAP authentication is performed using a service account that can access the LDAP database and query for user accounts. You will need to configure the AD server and service account in Cisco Container Platform.
Procedure
Step 1: From the left pane, click User Management, click the Active Directory tab, and then click EDIT.
Step 2: In the SERVER IP ADDRESS field, type the IP address of the AD server.
Step 3: In the PORT field, type the port number for the AD server.
Step 4: For improved security, we recommend that you check STARTTLS.
Step 5: In the BASE DN field, specify the domain name of the AD server for all the accounts that you have.
Step 6: In the ACCOUNT USERNAME field, specify the service account name that is used for accessing the LDAP server.
Step 7: In the PASSPHRASE field, type the passphrase of the AD account.
Step 8: Click SUBMIT.
Configuring AD Groups
Cisco Container Platform allows you to manage users using AD groups. An administrator can add users to AD groups, and then assign appropriate roles and clusters to the groups.
Before you begin
Ensure that you have configured the AD server that you want to use.
For more information on configuring AD servers, see Configuring AD Servers.
Procedure
Step 1: From the left pane, click User Management, and then click the Groups tab.
Step 2: Click ADD GROUP.
Step 3: Specify information such as the name of the AD group and the role you want to assign to the group.
Step 4: From the CLUSTERS drop-down list, choose the names of the clusters that you want to assign to the AD group.
Step 5: Click SUBMIT.