Kubernetes® Security Posture Management (KSPM) service roles
With Kubernetes® Security Posture Management (KSPM) service roles, you can manage user access to the KSPM resources and their settings, as well as to the data contained in the control results and alerts.
kspm.worker
The kspm.worker role allows the user to view info on Managed Service for Kubernetes clusters and install KSPM components in them.
The role is issued to the service account used to perform cluster checks and extends to an organization, cloud, or folder. Specify this service account when creating the workspace.
kspm.auditor
The kspm.auditor role allows the user to view info on KSPM settings, KSPM operations, and the list of exceptions from the rules.
kspm.viewer
The kspm.viewer role allows the user to view info on KSPM settings, Managed Service for Kubernetes clusters connected to KSPM, exceptions from the rules, exceptions from the scope of control, KSPM users, and KSPM operations.
This role includes the kspm.auditor permissions.
kspm.editor
The kspm.editor role allows the user to engage, set up, and disconnect KSPM; create, modify, and delete exceptions from the rules and exceptions from the scope of control; and view info on Managed Service for Kubernetes clusters connected to KSPM, KSPM users, and KSPM operations.
This role includes the kspm.viewer permissions.
kspm.admin
The kspm.admin role allows the user to engage, set up, and disconnect KSPM; create, modify, and delete exceptions from the rules and exceptions from the scope of control; and view info on Managed Service for Kubernetes clusters connected to KSPM, KSPM users, and KSPM operations.
This role includes the kspm.editor permissions.