Security

1. User Account Management

User Account Management (IAM, Identity & Access Management) is crucial for security management, covering the entire lifecycle from issuance to revocation. To achieve this, only authorized users should have permission to create, delete, and modify accounts. Additionally, the platform should allow the verification of existing account permissions and statuses.

Navigate to [Settings] - [Users] to access this information.

1.1 User Account Creation and Operation

Users logging into the Cocktail Cloud platform require an account. For maintaining security levels and role separation, it is recommended to perform major configuration tasks and platform resource management operations with 'Admin' privileges. This is akin to requesting and using root permissions only temporarily for specific tasks in an OS operating environment.

1.2 Account Permissions and Roles

Admin

• Possesses the highest level of authority, capable of creating and modifying other user accounts, viewing and searching audit logs.

• Can create platforms and allocate resources.

• Can grant cluster access and terminal access permissions.

• Can create workspaces on the platform and add members to them.

• Add service maps, which represent the actual service units in operation.

• When adding a service map, allocate and limit resources such as CPU, Memory, and the total number of Pods.

• Register clusters for use on the platform.

• Can register clusters for use on the platform, monitor the resources and status of allocated clusters.

• Can add or reinstall addons, restart them, check the status of deployed applications.

• Can view the status of deployed applications, add or create container images.

• Add or create container images.

• Create and manage registries.

• Deploy Helm charts with publicly available packages on the platform.

User

• Can manage resources assigned to them by an administrator and serve applications.

• Can create workloads, expose services, request and use volumes, configure application deployment, and utilize package and pipeline features.

• Can add or create container images.

• Can deploy packages exposed in the Helm chart on the platform.