Skip to content

Create a grant#

Grants define what actions users, groups, or organizations can perform within specific namespaces or across your MKE 4k cluster. You can create grants using the MKE 4k Dashboard by selecting a subject, scope, and associated roles. This process enables fine-grained access control to ensure the right permissions are assigned to the right entities.

  1. Log in to the MKE 4k Dashboard as an administrator.

  2. Navigate to Access Control --> Grants to access the Grants screen.

  3. Click the + create grant button at the top right to access the New grant screen.

  4. In the Subject section, select who is to receive the permissions defined by the role.

    1. Use the provided selector to set the subject type: organization, user, or group.

      Subject type Description
      organization Sets grant access for an entire organization.
      • When selected, an optional Team Name displays.
      • You can grant access to a specific team within the organization.
      • If no team is specified, the grant applies to the entire organization.
      user Sets grant access for an individual user.
      • Supports both local users and LDAP users.
      • LDAP users are indicated by a Type column that displays ldap or local.
      group Sets grant access to an LDAP group. The Group option is only available when LDAP authentication is enabled in the MKE 4k cluster. Otherwise, the option is disabled.

    2. Click Select in the name field to access the Select subject dialog.

    3. Search or browse for the desired subject.
    4. Click Save.

  5. In the Scope section, select the namespace where the permissions apply.

    1. Click Select in the namespace field to access the Select scope dialog.

    2. Search or browse for the desired namespace.

      Info

      When no namespace is selected, the grant applies to the entire cluster, and you can only select roles of type ClusterRoles.

    3. Click Save.

  6. In the Roles section, define permissions for the selected subject.

    1. Click Select in the name field to access the Select role dialog.
    2. Search or browse for the desired role.
    3. Click Save.

  7. Click create grant at the bottom right. A pop-up will display to indicate grant creation, and you will return to the Grants screen.