You are viewing documentation for KubeSphere version:v3.0.0

KubeSphere v3.0.0 documentation is no longer actively maintained. The version you are currently viewing is a static snapshot. For up-to-date documentation, see the latest version.

Role and Member Management In Your DevOps project

This guide demonstrates how to manage roles and members in your DevOps project.

In DevOps project scope, you can grant the following resources’ permissions to a role:

  • Pipelines
  • Credentials
  • DevOps Settings
  • Access Control


At least one DevOps project has been created, such as demo-devops. Besides, you need an account of the admin role (for example, devops-admin) at the DevOps project level.

Built-in Roles

In Project Roles, there are three available built-in roles as shown below. Built-in roles are created automatically by KubeSphere when a DevOps project is created and they cannot be edited or deleted.

Built-in Roles Description
viewer The viewer who can view all resources in the DevOps project.
operator The normal member in a DevOps project who can create pipelines and credentials in the DevOps project.
admin The administrator in the DevOps project who can perform any action on any resource. It gives full control over all resources in the DevOps project.

Create a DevOps Project Role

  1. Log in to the console as devops-admin and select a DevOps project (for example, demo-devops) under DevOps Projects list.


    The account devops-admin is used as an example. As long as the account you are using is granted a role including the authorization of Project Members View, Project Roles Management and Project Roles View in Access Control at DevOps project level, it can create a DevOps project role.
  2. Go to Project Roles in Project Management, click Create and set a Role Identifier. In this example, a role named pipeline-creator will be created. Click Edit Authorization to continue.


  3. In Pipelines Management, select the authorization that you want this role to contain. For example, Pipelines Management and Pipelines View are selected for this role. Click OK to finish.



    Depend on means the major authorization (the one listed after Depend on) needs to be selected first so that the affiliated authorization can be assigned.
  4. Newly-created roles will be listed in Project Roles. You can click the three dots on the right to edit it.



    The role of pipeline-creator is only granted Pipelines Management and Pipelines View, which may not satisfy your need. This example is only for demonstration purpose. You can create customized roles based on your needs.

Invite a New Member

  1. In Project Management, select Project Members and click Invite Member.

  2. Invite a user to the DevOps project. Grant the role of pipeline-creator to the user.



    The user must be invited to the DevOps project’s workspace first.
  3. After you add a user to the DevOps project, click OK. In Project Members, you can see the newly invited member listed.

  4. You can also change the role of an existing member by editing it or remove it from the DevOps project.