Access |
View configurations for single sign-on (SSO) and role-based access control (RBAC) rules that match user metadata to Red Hat Advanced Cluster Security for Kubernetes roles and users that have accessed your Red Hat Advanced Cluster Security for Kubernetes instance, including the metadata that the authentication providers provide about them.
|
Create, modify, or delete SSO configurations and configured RBAC rules.
|
Administration |
View the following items:
-
Options for data retention, security notices and other related configurations
-
The current logging verbosity level in Red Hat Advanced Cluster Security for Kubernetes components
-
Manifest content for the uploaded probe files
-
Existing image scanner integrations
-
The status of automatic upgrades
-
Metadata about Red Hat Advanced Cluster Security for Kubernetes service-to-service authentication
-
The content of the scanner bundle (download)
|
Edit the following items:
-
Data retention, security notices, and related configurations
-
The logging level
-
Support packages in Central (upload)
-
Image scanner integrations (create/modify/delete)
-
Automatic upgrades for secured clusters (enable/disable)
-
Service-to-service authentication credentials (revoke/re-issue)
|
Alert |
View existing policy violations.
|
Resolve or edit policy violations.
|
CVE |
|
|
Cluster |
View existing secured clusters.
|
Add new secured clusters and modify or delete existing clusters.
|
Compliance |
View compliance standards and results, as well as recent compliance runs and the associated completion status.
|
|
deployment |
View deployments (workloads) in secured clusters.
|
|
deploymentExtension |
View the following items:
|
Modify the following items:
|
Detection |
Check build-time policies against images or deployment YAML.
|
|
Image |
View images, their components, and their vulnerabilities.
|
|
Integration |
View the following items:
-
Existing API tokens
-
Existing integrations with automated backup systems such as Amazon Web Services (AWS) S3
-
Existing image registry integrations
-
Existing integrations for notification systems like email, Jira, or webhooks
|
Modify the following items:
-
API tokens (create new tokens or revoke existing tokens)
-
The configurations of backup integrations
-
Image registry integrations (create/edit/delete)
-
Notification integrations (create/edit/delete)
|
K8sRole |
View roles for Kubernetes RBAC in secured clusters.
|
|
K8sRoleBinding |
View role bindings for Kubernetes RBAC in secured clusters.
|
|
K8sSubject |
View users and groups for Kubernetes RBAC in secured clusters.
|
|
Namespace |
View existing Kubernetes namespaces in secured clusters.
|
|
NetworkGraph |
View active and allowed network connections in secured clusters.
|
|
NetworkPolicy |
View existing network policies in secured clusters and simulate changes.
|
Apply network policy changes in secured clusters.
|
Node |
View existing Kubernetes nodes in secured clusters.
|
|
Policy |
View existing system policies.
|
Create, modify, or delete system policies.
|
Role |
View existing Red Hat Advanced Cluster Security for Kubernetes RBAC roles and their permissions.
|
Add, modify, or delete roles and their permissions.
|
Secret |
View metadata about secrets in secured clusters.
|
|
ServiceAccount |
List Kubernetes service accounts in secured clusters.
|
|