Skip to content

Create Organizations and Teams#

With MKE 4k RBAC, there are two subjects: organizations and teams.

graph TD
    %% --- Nodes ---
    Org("Organization: Mirantis")
    TeamDev("Team: Dev")
    TeamQA("Team: QA")
    TeamProd("Team: Prod")

    %% --- Relationships ---
    Org --> TeamDev
    Org --> TeamQA
    Org --> TeamProd

    %% --- Styles ---
    %% Darker Style with professional borders
    style Org fill:#2E8B57,stroke:#0a2e4c,stroke-width:2px,color:#000
    style TeamDev fill:#3CB371,stroke:#0a2e4c,stroke-width:2px,color:#000
    style TeamQA fill:#3CB371,stroke:#0a2e4c,stroke-width:2px,color:#000
    style TeamProd fill:#3CB371,stroke:#0a2e4c,stroke-width:2px,color:#000

Create an Organization#

An organizations is used to group users and teams and can be either cluster-wide or namespaced. They do not have individual permissions but only the permissions assigned to them through the grants system.

Important

Deleting an organization also deletes all of its teams and any grants that are associated with the organization. The permissions, users, and groups that are associated with the teams and grants, though, are not affected.

  1. Log in to the MKE 4k Dashboard as an administrator.

  2. Navigate to Access Control > Orgs and Teams.

  3. Click the blue create organization button in the upper right corner. The New organization screen displays.

  4. Enter a unique organization name that is 1-63 characters in length and which does not contain:

    • Capital letters
    • Spaces
    • Any of the following non-alphabetic characters: \*+[\]:;|=,?<>"'

  5. Click the blue create organization button in the bottom right corner.

Namespacing considerations

Regardless of whether they are namespaced, organization names must be unique.

  • You can use the MKE 4k API to associate an organization with a specific namespace by providing the namespace field when you create it.
  • Organizations that are created without a namespace specification are considered to be cluster-wide.

Create a Team#

A Team is a group of users within a particular organization. It cannot exist outside of an organization, and like organizations a team can be either cluster-wide or namespaced. A team does not have individual permissions but only the permissions assigned to it through the grant system.

Team names must be unique within an organization. Teams in different organizations can have the same name, but be aware that these same-named teams are not related.

Important

Deleting a team also deletes any grants that are associated with that team. The permissions, users, and groups that are associated with the grants, though, are not affected.

  1. Log in to the MKE 4k Dashboard as an administrator.

  2. Navigate to Access Control > Orgs and Teams.

  3. Navigate to the required organization, select the Teams tab and click the blue add team button in the upper right corner. The New team for screen displays.

  4. Enter a team name with a maximum of 63 characters.

  5. Optional. Select a namespace for the team. If no namespace is selected, the team scope is cluster-wide.

  6. Click the blue create team button in the lower right corner.

Namespacing considerations

  • If a team is created within an organization that has a namespace, the team automatically inherits that namespace.
  • If the parent organization is namespaced, you cannot assign a different namespace to the team as the team namespace must match that of the organization.
  • If the parent organization is cluster-wide, you can create a team with or without a namespace. If no namespace is provided, the team is also cluster-wide.