Permissions needed by non-administrators to work with migration plan components

If you are an administrator, you can work with all components of migration plans (for example, providers, network mappings, and migration plans).

By default, non-administrators have limited ability to work with migration plans and their components. As an administrator, you can modify their roles to allow them full access to all components, or you can give them limited permissions.

For example, administrators can assign non-administrators one or more of the following cluster roles for migration plans:

Table 1. Example migration plan roles and their privileges

Role	Description
`plans.forklift.konveyor.io-v1beta1-view`	Can view migration plans but not to create, delete or modify them
`plans.forklift.konveyor.io-v1beta1-edit`	Can create, delete or modify (all parts of `edit` permissions) individual migration plans
`plans.forklift.konveyor.io-v1beta1-admin`	All `edit` privileges and the ability to delete the entire collection of migration plans

Note that pre-defined cluster roles include a resource (for example, plans), an API group (for example, forklift.konveyor.io-v1beta1) and an action (for example, view, edit).

As a more comprehensive example, you can grant non-administrators the following set of permissions per namespace:

Create and modify storage maps, network maps, and migration plans for the namespaces they have access to
Attach providers created by administrators to storage maps, network maps, and migration plans
Not be able to create providers or to change system settings

Table 2. Example permissions required for non-adminstrators to work with migration plan components but not create providers

Actions	API group	Resource
`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`	`forklift.konveyor.io`	`plans`
`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`	`forklift.konveyor.io`	`migrations`
`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`	`forklift.konveyor.io`	`hooks`
`get`, `list`, `watch`	`forklift.konveyor.io`	`providers`
`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`	`forklift.konveyor.io`	`networkmaps`
`get`, `list`, `watch`, `create`, `update`, `patch`, `delete`	`forklift.konveyor.io`	`storagemaps`
`get`, `list`, `watch`	`forklift.konveyor.io`	`forkliftcontrollers`
`create`, `patch`, `delete`	Empty string	`secrets`

Note	Non-administrators need to have the `create` permissions that are part of `edit` roles for network maps and for storage maps to create migration plans, even when using a template for a network map or a storage map.

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

non-admin-permissions-for-ui.adoc

non-admin-permissions-for-ui.adoc

Permissions needed by non-administrators to work with migration plan components

Files

non-admin-permissions-for-ui.adoc

Latest commit

History

non-admin-permissions-for-ui.adoc

File metadata and controls

Permissions needed by non-administrators to work with migration plan components