Default roles¶
The following describes the built-in roles:
Role |
Description |
---|---|
None |
Users have no access to Swarm or Kubernetes resources. Maps to |
View Only |
Users can view resources but cannot create them. |
Restricted Control |
Users can view and edit resources but cannot run a service or container
in a way that affects the node where it is running. Users cannot mount a
node directory, |
Scheduler |
Users can view worker and manager nodes and schedule, but not view, workloads on these nodes. By default, all users are granted the Scheduler role for the Shared collection. To view workloads, users need Container View permissions. |
Full Control |
Users can view and edit all granted resources. They can create containers without any restriction, but cannot see the containers of other users. |
To learn how to apply a default role using a grant, refer to Create grants.