What permissions are required to grant access to manage Cluster Logging in Rancher v2.x

Article Number: 000020106

Situation

Question

By default, only Global Admins or Cluster Owners have access to configure and manage Cluster Logging in a Rancher v2.x managed cluster. This article details the permissions required to grant this access to other users.

Pre-requisites

• A Kubernetes cluster managed by Rancher v2.x

Answer

Cluster Logging configuration is managed by the ClusterLoggings Custom Resource in the management.cattle.io API Group. In order to create a role that grants permission to manage the logging configuration for a cluster, you should therefore grant all verbs on the CluserLoggings Resource in the management.cattle.io API group.

You can define a custom Cluster Role via the Rancher UI, by navigating to the Global view, and selecting Security -> Roles -> Cluster, creating a custom role with these permissions. Granting this custom role on a cluster to a user or group will then provide access to manage the Cluster Logging configuration for that cluster.

Further Reading

• Rancher v2.x Cluster Logging Documentation
• Rancher v2.x Role-Based Access Control (RBAC) Documentation