Access |
View configurations for single sign-on (SSO) and role-based access control (RBAC) rules that match user metadata to Red Hat Advanced Cluster Security for Kubernetes roles and users that have accessed your Red Hat Advanced Cluster Security for Kubernetes instance, including the metadata that the authentication providers give about them.
|
Create, modify, or delete SSO configurations and configured RBAC rules.
|
Administration |
View the following items:
-
Options for data retention, security notices and other related configurations
-
The current logging verbosity level in Red Hat Advanced Cluster Security for Kubernetes components
-
Manifest content for the uploaded probe files
-
Existing image scanner integrations
-
The status of automatic upgrades
-
Metadata about Red Hat Advanced Cluster Security for Kubernetes service-to-service authentication
-
The content of the scanner bundle (download)
|
Edit the following items:
-
Data retention, security notices, and related configurations
-
The logging level
-
Support packages in Central (upload)
-
Image scanner integrations (create/modify/delete)
-
Automatic upgrades for secured clusters (enable/disable)
-
Service-to-service authentication credentials (revoke/re-issue)
|
Alert |
View existing policy violations.
|
Resolve or edit policy violations.
|
CVE |
|
|
Cluster |
View existing secured clusters.
|
Add new secured clusters and modify or delete existing clusters.
|
Compliance |
View compliance standards and results, recent compliance runs, and the associated completion status.
|
|
deployment |
View deployments (workloads) in secured clusters.
|
|
deploymentExtension |
View the following items:
|
Modify the following items:
|
Detection |
Check build-time policies against images or deployment YAML.
|
|
Image |
View images, their components, and their vulnerabilities.
|
|
Integration |
View integrations and their configuration, including backup, registry, image signature, notification systems, and API tokens.
|
Add, modify, and delete integrations and their configurations, and API tokens.
|
K8sRole |
View roles for Kubernetes RBAC in secured clusters.
|
|
K8sRoleBinding |
View role bindings for Kubernetes RBAC in secured clusters.
|
|
K8sSubject |
View users and groups for Kubernetes RBAC in secured clusters.
|
|
Namespace |
View existing Kubernetes namespaces in secured clusters.
|
|
NetworkGraph |
View active and allowed network connections in secured clusters.
|
|
NetworkPolicy |
View existing network policies in secured clusters and simulate changes.
|
Apply network policy changes in secured clusters.
|
Node |
View existing Kubernetes nodes in secured clusters.
|
|
WorkflowAdministration |
View all resource collections.
|
Add, modify, or delete resource collections.
|
Role |
View existing Red Hat Advanced Cluster Security for Kubernetes RBAC roles and their permissions.
|
Add, modify, or delete roles and their permissions.
|
Secret |
View metadata about secrets in secured clusters.
|
|
ServiceAccount |
List Kubernetes service accounts in secured clusters.
|
|
VulnerabilityManagementApprovals |
View all pending deferral or false positive requests for vulnerabilities.
|
Approve or deny any pending deferral or false positive requests and move any previously approved requests back to observed.
|
VulnerabilityManagementRequests |
View all pending deferral or false positive requests for vulnerabilities.
|
Request a deferral on a vulnerability, mark it as a false positive, or move a pending or previously approved request made by the same user back to observed.
|
WatchedImage |
View undeployed and monitored watched images.
|
Configure watched images.
|
WorkflowAdministration |
View all resource collections.
|
Create, modify, or delete resource collections.
|