Default Permissions
List of default permissions granted to the Organizations, Teams and Users roles.
Categories:
Customizable Permissions
Default permissions can be easily customized by simply creating your own keychains and roles.Understanding Permission Indicators
- Permissions marked with ✅ * indicate that the user is allowed to perform that action only if they own the resource.
- Permissions marked with just a ✅, indicate that user is allowed to perform that action regardless of resource ownership.
Catalog Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Share Design | Share design with anyone within your organization, and make your design easily accessible to all relevant team members. | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Clone Design | Clone any published design to customise it according to your use cases | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| View Catalog | View all items in catalog | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Designs Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Designs | View all public and published designs of other team members and private of signed-in user | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Create new design | Create new Meshery design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Import Design | Import a design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Publish Design | Publish a design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Unpublish Design | Unpublish a design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Validate Design | Validate a design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Deploy Design | Deploy a design | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Undeploy Design | Retract all resources used in a Meshery design from the cluster | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Details of design | Set design information or details of a design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Edit design | Edit a design | ✅ * | ✅ * | ✅ | ❌ | ✅ | ✅ |
| Delete a design | Delete a design | ✅ * | ✅ * | ✅ | ❌ | ✅ | ✅ |
| Download a design | Download a Meshery design in OCI or YAML format | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Filters Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Filters | View all public and published filters of other team members and private of signed-in user | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Import Filter | Import a filter | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Download a WASM filter | Download a WASM filter | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Details of WASM Filter | Check information or details of a WASM filter | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Edit WASM filter | Edit WASM filter | ✅ * | ✅ * | ✅ | ❌ | ✅ | ✅ |
| Clone WASM Filter | Clone WASM filter from catalog, which allows customizing filter and use it in design | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Delete WASM Filter | Delete WASM filter permanently from catalog. | ✅ * | ✅ * | ✅ | ❌ | ✅ | ✅ |
Catalog Requests Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Catalog Requests | View the catalog publication request queue | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Approve Catalog Request | Approve catalog publication requests | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Deny Catalog Request | Deny catalog publication requests | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
Extensions Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Install extension | Install or enable or disabble extensions in Meshery | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| View Meshery User Preferences | View all user preferences in Meshery UI | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| View Extensions | View all extensions on the extension page | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Users Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View All Kubernetes Clusters | View all configured Kubernetes clusters | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Teams Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Team | See only teams to which you are a member. See all other members within those teams. | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| View Teams | See all teams of which you are an administrator. See all members of those teams. | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| View All Teams | See all teams within an organization. See all members of all teams. | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Add User to Team | Directly create a new user account within a team. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Invite User to Team | Send a request for a user to join a team. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Remove User from Team | Discontinue user membership of a team and team resources. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Create Team | Establish new team for organizing groups of users and resource access. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Delete Team | Dissolve a team and all user memberships. Leave associated resources intact. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Edit Team | Edit a team and add new members to it. | ❌ | ✅ | ❌ | ❌ | ✅ | ✅ |
| Remove Roles from Team members | Remove roles from users in a team | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Assign Roles to Team members | Assign roles to users in a team | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Open Team Invite | This governs the team's invitation permissions, determining whether the team is allowed to extend invitations to new individuals to join through open invite link. | ❌ | ✅ | ✅ | ❌ | ✅ | ✅ |
Organizations Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Create Organization | Establish new organization for organizing teams, users, and resource access. | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Edit Organization | Edit organiaztions and add teams to it | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Add User to Organization | Directly create a new user account within an organization. | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Invite User to Organization | Send a request for a user to join an organization. | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Remove User from Organization | Discontinue user access to organization, teams and resources; cease billing accrual. | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| Promote or Demote User to Org Admin | Elevate or remove organization level administrative privileges. | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. | ✅ | ✅ | ✅ | ✅ | ✅ | ✅ |
| View Organizations | See all organizations of which you are an administrator. See all members of those organizations. | ❌ | ❌ | ❌ | ✅ | ✅ | ✅ |
| View All Organizations | See all organizations within a Layer5 Cloud deployment. See all organizations, teams, and users. | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Remove Roles from Organization members | Remove roles from users in an organization | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Assign Roles to Organization members | Assign roles to users in an organization | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Connections Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Add cluster | Add Kubernetes cluster | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Change connection state | Change connection state | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Flush Meshsync data | Clearing the database by clicking on the `Flush MeshSync` | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Register discovered Meshsync resource | Register discovered Meshsync resource to change state to connection | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Delete a connection | Delete a connection | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| View Connections | View all connections within an environment | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Settings Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Settings | View settings in Meshery | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Connect adapter | Configure and connect to Meshery adapters | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Connect Metrics | Configure and connect to metrics like Grafana and Promethues | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| View Metrics | View already configured metrics | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| View Registry | Explore entities within capabilities registry | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Reset Database | Reset Meshery database | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
Performance Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Add performace profile | Add a new performace profile | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Run test | Run a test on performance profile | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| View Results | View results of performance tests | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Edit performance test | Edit performance test | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Delete performance test | Delete performance test | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| View performance profiles | View all performance profiles | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Cloud native infrastructure lifecycle Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| Manage cloud native infrastructure life cycle | This permission grants the user the ability to manage infrastructure life cycles within meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Manage cloud native infrastructure configuration | Manage configuration for applications like EmojiVoto, HTTPBin, Image Hub, Istio Book Info | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Apply cloud native infrastructure configuration | Configure infrastructure with some predefined options like Automatic Sidecar injection, Envoy Filter, Policy | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Validate cloud native infrastructure configuration | Validate cloud native infrastructure configuration against best practices like Analyze Running Configuration, SMI conformance | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Apply custom cloud native configuration | This permission grants the user the ability to apply custom configuration and customize existing configuration of thier cloud native infrastructure | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Deploy cloud native infrastructure | This permission grants the user the ability to deploy their infrastructure to a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| Undeploy cloud native infrastructure | This permission grants the user the ability to undeploy their infrastructure from a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies | ❌ | ❌ | ❌ | ❌ | ✅ | ✅ |
| View cloud native infrastructure | This permission grants the user the ability to view all cloud native infrastructure in Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
Environments Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Environment | See all environments within an workspace. | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Create Environment | Create a new environment | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Delete Environment | Dissolve environment and all connection memberships. Leave associated resources intact. | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Edit Environment | Edit environment and it connection membership | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Assign connections to environment | Add new connections to environments | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Remove connections from environments | Remove connections from environment, | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
Workspace Permissions
| Permission | Description | User | Team Admin | Workspace Admin | Org Billing Manager | Org Admin | Provider Admin |
|---|---|---|---|---|---|---|---|
| View Workspace | See all workspaces within an organisation | ✅ | ✅ | ✅ | ❌ | ✅ | ✅ |
| Delete Workspace | Dissolve workspace and all team and environment memberships. Leave associated resources intact | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Edit Workspace | Edit workspace and it's team and environment membership | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Create Workspace | Create new workspace | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Assign team to workspace | Add new team to workspace | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Remove team from workspace | Remove team from workspace | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Assign environment to workspace | Add new environment to workspace | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Remove environment from workspace | Remove environment from workspace | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Assign Designs to Workspaces | Assign designs to workspaces | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
| Remove Designs from Workspaces | Remove designs from workspaces | ❌ | ❌ | ✅ | ❌ | ✅ | ✅ |
Team Admin Role
| Permission | Description |
|---|---|
| Share Design | Share design with anyone within your organization, and make your design easily accessible to all relevant team members. |
| Clone Design | Clone any published design to customise it according to your use cases |
| View Designs | View all public and published designs of other team members and private of signed-in user |
| View Filters | View all public and published filters of other team members and private of signed-in user |
| Create new design | Create new Meshery design |
| Import Design | Import a design |
| Publish Design | Publish a design |
| Unpublish Design | Unpublish a design |
| Validate Design | Validate a design |
| Details of design | Set design information or details of a design |
| Edit design | Edit a design |
| Delete a design | Delete a design |
| Download a design | Download a Meshery design in OCI or YAML format |
| Import Filter | Import a filter |
| Download a WASM filter | Download a WASM filter |
| Details of WASM Filter | Check information or details of a WASM filter |
| Edit WASM filter | Edit WASM filter |
| Clone WASM Filter | Clone WASM filter from catalog, which allows customizing filter and use it in design |
| Delete WASM Filter | Delete WASM filter permanently from catalog. |
| View Meshery User Preferences | View all user preferences in Meshery UI |
| View Extensions | View all extensions on the extension page |
| View All Kubernetes Clusters | View all configured Kubernetes clusters |
| View Team | See only teams to which you are a member. See all other members within those teams. |
| View Teams | See all teams of which you are an administrator. See all members of those teams. |
| View All Teams | See all teams within an organization. See all members of all teams. |
| Add User to Team | Directly create a new user account within a team. |
| Invite User to Team | Send a request for a user to join a team. |
| Remove User from Team | Discontinue user membership of a team and team resources. |
| Create Team | Establish new team for organizing groups of users and resource access. |
| Delete Team | Dissolve a team and all user memberships. Leave associated resources intact. |
| Edit Team | Edit a team and add new members to it. |
| Remove Roles from Team members | Remove roles from users in a team |
| Assign Roles to Team members | Assign roles to users in a team |
| Open Team Invite | This governs the team's invitation permissions, determining whether the team is allowed to extend invitations to new individuals to join through open invite link. |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. |
| View Settings | View settings in Meshery |
| View Metrics | View already configured metrics |
| View Registry | Explore entities within capabilities registry |
| View Results | View results of performance tests |
| View performance profiles | View all performance profiles |
| View cloud native infrastructure | This permission grants the user the ability to view all cloud native infrastructure in Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| View Connections | View all connections within an environment |
| View Environment | See all environments within an workspace. |
| View Catalog | View all items in catalog |
| View Workspace | See all workspaces within an organisation |
Workspace Admin Role
| Permission | Description |
|---|---|
| Share Design | Share design with anyone within your organization, and make your design easily accessible to all relevant team members. |
| Clone Design | Clone any published design to customise it according to your use cases |
| View Designs | View all public and published designs of other team members and private of signed-in user |
| View Filters | View all public and published filters of other team members and private of signed-in user |
| View Catalog Requests | View the catalog publication request queue |
| Approve Catalog Request | Approve catalog publication requests |
| Deny Catalog Request | Deny catalog publication requests |
| Create new design | Create new Meshery design |
| Import Design | Import a design |
| Publish Design | Publish a design |
| Unpublish Design | Unpublish a design |
| Validate Design | Validate a design |
| Deploy Design | Deploy a design |
| Undeploy Design | Retract all resources used in a Meshery design from the cluster |
| Details of design | Set design information or details of a design |
| Edit design | Edit a design |
| Delete a design | Delete a design |
| Download a design | Download a Meshery design in OCI or YAML format |
| Import Filter | Import a filter |
| Download a WASM filter | Download a WASM filter |
| Details of WASM Filter | Check information or details of a WASM filter |
| Edit WASM filter | Edit WASM filter |
| Clone WASM Filter | Clone WASM filter from catalog, which allows customizing filter and use it in design |
| Delete WASM Filter | Delete WASM filter permanently from catalog. |
| View Meshery User Preferences | View all user preferences in Meshery UI |
| View Extensions | View all extensions on the extension page |
| View All Kubernetes Clusters | View all configured Kubernetes clusters |
| View Team | See only teams to which you are a member. See all other members within those teams. |
| View Teams | See all teams of which you are an administrator. See all members of those teams. |
| View All Teams | See all teams within an organization. See all members of all teams. |
| Remove Roles from Team members | Remove roles from users in a team |
| Assign Roles to Team members | Assign roles to users in a team |
| Open Team Invite | This governs the team's invitation permissions, determining whether the team is allowed to extend invitations to new individuals to join through open invite link. |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. |
| Add cluster | Add Kubernetes cluster |
| Change connection state | Change connection state |
| Flush Meshsync data | Clearing the database by clicking on the `Flush MeshSync` |
| Register discovered Meshsync resource | Register discovered Meshsync resource to change state to connection |
| Delete a connection | Delete a connection |
| View Settings | View settings in Meshery |
| View Metrics | View already configured metrics |
| View Registry | Explore entities within capabilities registry |
| View Results | View results of performance tests |
| View performance profiles | View all performance profiles |
| View cloud native infrastructure | This permission grants the user the ability to view all cloud native infrastructure in Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| View Connections | View all connections within an environment |
| View Environment | See all environments within an workspace. |
| Create Environment | Create a new environment |
| Delete Environment | Dissolve environment and all connection memberships. Leave associated resources intact. |
| Edit Environment | Edit environment and it connection membership |
| Assign connections to environment | Add new connections to environments |
| Remove connections from environments | Remove connections from environment, |
| View Catalog | View all items in catalog |
| View Workspace | See all workspaces within an organisation |
| Delete Workspace | Dissolve workspace and all team and environment memberships. Leave associated resources intact |
| Edit Workspace | Edit workspace and it's team and environment membership |
| Create Workspace | Create new workspace |
| Assign team to workspace | Add new team to workspace |
| Remove team from workspace | Remove team from workspace |
| Assign environment to workspace | Add new environment to workspace |
| Remove environment from workspace | Remove environment from workspace |
| Assign Designs to Workspaces | Assign designs to workspaces |
| Remove Designs from Workspaces | Remove designs from workspaces |
Org Billing Manager Role
| Permission | Description |
|---|---|
| Add User to Organization | Directly create a new user account within an organization. |
| Invite User to Organization | Send a request for a user to join an organization. |
| Remove User from Organization | Discontinue user access to organization, teams and resources; cease billing accrual. |
| Promote or Demote User to Org Admin | Elevate or remove organization level administrative privileges. |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. |
| View Organizations | See all organizations of which you are an administrator. See all members of those organizations. |
Org Admin Role
| Permission | Description |
|---|---|
| Share Design | Share design with anyone within your organization, and make your design easily accessible to all relevant team members. |
| Clone Design | Clone any published design to customise it according to your use cases |
| View Designs | View all public and published designs of other team members and private of signed-in user |
| View Filters | View all public and published filters of other team members and private of signed-in user |
| View Catalog Requests | View the catalog publication request queue |
| Approve Catalog Request | Approve catalog publication requests |
| Deny Catalog Request | Deny catalog publication requests |
| Create new design | Create new Meshery design |
| Import Design | Import a design |
| Publish Design | Publish a design |
| Unpublish Design | Unpublish a design |
| Validate Design | Validate a design |
| Deploy Design | Deploy a design |
| Undeploy Design | Retract all resources used in a Meshery design from the cluster |
| Details of design | Set design information or details of a design |
| Edit design | Edit a design |
| Delete a design | Delete a design |
| Download a design | Download a Meshery design in OCI or YAML format |
| Import Filter | Import a filter |
| Download a WASM filter | Download a WASM filter |
| Details of WASM Filter | Check information or details of a WASM filter |
| Edit WASM filter | Edit WASM filter |
| Clone WASM Filter | Clone WASM filter from catalog, which allows customizing filter and use it in design |
| Delete WASM Filter | Delete WASM filter permanently from catalog. |
| Install extension | Install or enable or disabble extensions in Meshery |
| View Meshery User Preferences | View all user preferences in Meshery UI |
| View Extensions | View all extensions on the extension page |
| View All Kubernetes Clusters | View all configured Kubernetes clusters |
| View Team | See only teams to which you are a member. See all other members within those teams. |
| View Teams | See all teams of which you are an administrator. See all members of those teams. |
| View All Teams | See all teams within an organization. See all members of all teams. |
| Add User to Team | Directly create a new user account within a team. |
| Invite User to Team | Send a request for a user to join a team. |
| Remove User from Team | Discontinue user membership of a team and team resources. |
| Create Team | Establish new team for organizing groups of users and resource access. |
| Delete Team | Dissolve a team and all user memberships. Leave associated resources intact. |
| Edit Team | Edit a team and add new members to it. |
| Remove Roles from Team members | Remove roles from users in a team |
| Assign Roles to Team members | Assign roles to users in a team |
| Open Team Invite | This governs the team's invitation permissions, determining whether the team is allowed to extend invitations to new individuals to join through open invite link. |
| Create Organization | Establish new organization for organizing teams, users, and resource access. |
| Edit Organization | Edit organiaztions and add teams to it |
| Add User to Organization | Directly create a new user account within an organization. |
| Invite User to Organization | Send a request for a user to join an organization. |
| Remove User from Organization | Discontinue user access to organization, teams and resources; cease billing accrual. |
| Promote or Demote User to Org Admin | Elevate or remove organization level administrative privileges. |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. |
| View Organizations | See all organizations of which you are an administrator. See all members of those organizations. |
| View All Organizations | See all organizations within a Layer5 Cloud deployment. See all organizations, teams, and users. |
| Remove Roles from Organization members | Remove roles from users in an organization |
| Assign Roles to Organization members | Assign roles to users in an organization |
| Add cluster | Add Kubernetes cluster |
| Change connection state | Change connection state |
| Flush Meshsync data | Clearing the database by clicking on the `Flush MeshSync` |
| Register discovered Meshsync resource | Register discovered Meshsync resource to change state to connection |
| Delete a connection | Delete a connection |
| View Settings | View settings in Meshery |
| Connect adapter | Configure and connect to Meshery adapters |
| Connect Metrics | Configure and connect to metrics like Grafana and Promethues |
| View Metrics | View already configured metrics |
| View Registry | Explore entities within capabilities registry |
| Add performace profile | Add a new performace profile |
| Run test | Run a test on performance profile |
| View Results | View results of performance tests |
| Edit performance test | Edit performance test |
| Delete performance test | Delete performance test |
| View performance profiles | View all performance profiles |
| Manage cloud native infrastructure life cycle | This permission grants the user the ability to manage infrastructure life cycles within meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| Manage cloud native infrastructure configuration | Manage configuration for applications like EmojiVoto, HTTPBin, Image Hub, Istio Book Info |
| Apply cloud native infrastructure configuration | Configure infrastructure with some predefined options like Automatic Sidecar injection, Envoy Filter, Policy |
| Validate cloud native infrastructure configuration | Validate cloud native infrastructure configuration against best practices like Analyze Running Configuration, SMI conformance |
| Apply custom cloud native configuration | This permission grants the user the ability to apply custom configuration and customize existing configuration of thier cloud native infrastructure |
| Deploy cloud native infrastructure | This permission grants the user the ability to deploy their infrastructure to a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies |
| Undeploy cloud native infrastructure | This permission grants the user the ability to undeploy their infrastructure from a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies |
| View cloud native infrastructure | This permission grants the user the ability to view all cloud native infrastructure in Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| View Connections | View all connections within an environment |
| View Environment | See all environments within an workspace. |
| Create Environment | Create a new environment |
| Delete Environment | Dissolve environment and all connection memberships. Leave associated resources intact. |
| Edit Environment | Edit environment and it connection membership |
| Assign connections to environment | Add new connections to environments |
| Remove connections from environments | Remove connections from environment, |
| View Catalog | View all items in catalog |
| View Workspace | See all workspaces within an organisation |
| Delete Workspace | Dissolve workspace and all team and environment memberships. Leave associated resources intact |
| Edit Workspace | Edit workspace and it's team and environment membership |
| Create Workspace | Create new workspace |
| Assign team to workspace | Add new team to workspace |
| Remove team from workspace | Remove team from workspace |
| Assign environment to workspace | Add new environment to workspace |
| Remove environment from workspace | Remove environment from workspace |
| Assign Designs to Workspaces | Assign designs to workspaces |
| Remove Designs from Workspaces | Remove designs from workspaces |
| Reset Database | Reset Meshery database |
Provider Admin Role
| Permission | Description |
|---|---|
| Share Design | Share design with anyone within your organization, and make your design easily accessible to all relevant team members. |
| Clone Design | Clone any published design to customise it according to your use cases |
| View Designs | View all public and published designs of other team members and private of signed-in user |
| View Filters | View all public and published filters of other team members and private of signed-in user |
| View Catalog Requests | View the catalog publication request queue |
| Approve Catalog Request | Approve catalog publication requests |
| Deny Catalog Request | Deny catalog publication requests |
| Create new design | Create new Meshery design |
| Import Design | Import a design |
| Publish Design | Publish a design |
| Unpublish Design | Unpublish a design |
| Validate Design | Validate a design |
| Deploy Design | Deploy a design |
| Undeploy Design | Retract all resources used in a Meshery design from the cluster |
| Details of design | Set design information or details of a design |
| Edit design | Edit a design |
| Delete a design | Delete a design |
| Download a design | Download a Meshery design in OCI or YAML format |
| Import Filter | Import a filter |
| Download a WASM filter | Download a WASM filter |
| Details of WASM Filter | Check information or details of a WASM filter |
| Edit WASM filter | Edit WASM filter |
| Clone WASM Filter | Clone WASM filter from catalog, which allows customizing filter and use it in design |
| Delete WASM Filter | Delete WASM filter permanently from catalog. |
| Install extension | Install or enable or disabble extensions in Meshery |
| View Meshery User Preferences | View all user preferences in Meshery UI |
| View Extensions | View all extensions on the extension page |
| View All Kubernetes Clusters | View all configured Kubernetes clusters |
| View Team | See only teams to which you are a member. See all other members within those teams. |
| View Teams | See all teams of which you are an administrator. See all members of those teams. |
| View All Teams | See all teams within an organization. See all members of all teams. |
| Add User to Team | Directly create a new user account within a team. |
| Invite User to Team | Send a request for a user to join a team. |
| Remove User from Team | Discontinue user membership of a team and team resources. |
| Create Team | Establish new team for organizing groups of users and resource access. |
| Delete Team | Dissolve a team and all user memberships. Leave associated resources intact. |
| Edit Team | Edit a team and add new members to it. |
| Remove Roles from Team members | Remove roles from users in a team |
| Assign Roles to Team members | Assign roles to users in a team |
| Open Team Invite | This governs the team's invitation permissions, determining whether the team is allowed to extend invitations to new individuals to join through open invite link. |
| Create Organization | Establish new organization for organizing teams, users, and resource access. |
| Edit Organization | Edit organiaztions and add teams to it |
| Add User to Organization | Directly create a new user account within an organization. |
| Invite User to Organization | Send a request for a user to join an organization. |
| Remove User from Organization | Discontinue user access to organization, teams and resources; cease billing accrual. |
| Promote or Demote User to Org Admin | Elevate or remove organization level administrative privileges. |
| View Org | See only organizations to which you are a member. See all other members within your membership teams. |
| View Organizations | See all organizations of which you are an administrator. See all members of those organizations. |
| View All Organizations | See all organizations within a Layer5 Cloud deployment. See all organizations, teams, and users. |
| Remove Roles from Organization members | Remove roles from users in an organization |
| Assign Roles to Organization members | Assign roles to users in an organization |
| Add cluster | Add Kubernetes cluster |
| Change connection state | Change connection state |
| Flush Meshsync data | Clearing the database by clicking on the `Flush MeshSync` |
| Register discovered Meshsync resource | Register discovered Meshsync resource to change state to connection |
| Delete a connection | Delete a connection |
| View Settings | View settings in Meshery |
| Connect adapter | Configure and connect to Meshery adapters |
| Connect Metrics | Configure and connect to metrics like Grafana and Promethues |
| View Metrics | View already configured metrics |
| View Registry | Explore entities within capabilities registry |
| Add performace profile | Add a new performace profile |
| Run test | Run a test on performance profile |
| View Results | View results of performance tests |
| Edit performance test | Edit performance test |
| Delete performance test | Delete performance test |
| View performance profiles | View all performance profiles |
| Manage cloud native infrastructure life cycle | This permission grants the user the ability to manage infrastructure life cycles within meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| Manage cloud native infrastructure configuration | Manage configuration for applications like EmojiVoto, HTTPBin, Image Hub, Istio Book Info |
| Apply cloud native infrastructure configuration | Configure infrastructure with some predefined options like Automatic Sidecar injection, Envoy Filter, Policy |
| Validate cloud native infrastructure configuration | Validate cloud native infrastructure configuration against best practices like Analyze Running Configuration, SMI conformance |
| Apply custom cloud native configuration | This permission grants the user the ability to apply custom configuration and customize existing configuration of thier cloud native infrastructure |
| Deploy cloud native infrastructure | This permission grants the user the ability to deploy their infrastructure to a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies |
| Undeploy cloud native infrastructure | This permission grants the user the ability to undeploy their infrastructure from a cluster through Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies |
| View cloud native infrastructure | This permission grants the user the ability to view all cloud native infrastructure in Meshery. Meshery allows users to visualize, work on and manage various cloud native technologies. |
| View Connections | View all connections within an environment |
| View Environment | See all environments within an workspace. |
| Create Environment | Create a new environment |
| Delete Environment | Dissolve environment and all connection memberships. Leave associated resources intact. |
| Edit Environment | Edit environment and it connection membership |
| Assign connections to environment | Add new connections to environments |
| Remove connections from environments | Remove connections from environment, |
| View Catalog | View all items in catalog |
| View Workspace | See all workspaces within an organisation |
| Delete Workspace | Dissolve workspace and all team and environment memberships. Leave associated resources intact |
| Edit Workspace | Edit workspace and it's team and environment membership |
| Create Workspace | Create new workspace |
| Assign team to workspace | Add new team to workspace |
| Remove team from workspace | Remove team from workspace |
| Assign environment to workspace | Add new environment to workspace |
| Remove environment from workspace | Remove environment from workspace |
| Assign Designs to Workspaces | Assign designs to workspaces |
| Remove Designs from Workspaces | Remove designs from workspaces |
| Reset Database | Reset Meshery database |