Role-based access control (RBAC) manages authorization for Docker Swarm and Kubernetes. Docker Enterprise lets us manage users' access to resources. We use roles to allow users to view, edit, and use cluster resources.
Authorization is based on the following concepts:
- Subjects: We manage users, teams, and service accounts within organizations. Users belong to teams, and teams belong to organizations.
- Resources: These are the groups of Docker objects we discussed in Chapter 1, Modern Infrastructures and Applications with Docker. Because Kubernetes is also integrated into the UCP cluster, Kubernetes resources are part of these groupings as well. UCP manages resources grouped in collections.
- Collections: These are sets of resources, including different kinds of objects, such as volumes, secrets, configs, networks, services, and so on.
- Roles: These group sets of permissions, which we assign to different subjects. Roles define what can be done by...
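
The following Python model is an added example, not code from UCP or from the book. It shows how subjects, collections, and roles combine into a default-deny access decision, and how to list a user's effective permissions when reviewing for least privilege. The `Grant` tuple that ties a subject to a role on a collection, and every user, team, role, operation, and collection name, are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# All names below (users, teams, roles, operations, collections) are constructed
# for illustration; the Grant tuple is an assumption of this example.
ROLES = {  # role -> set of permitted operations
    "viewer": {"service.view", "secret.view"},
    "operator": {"service.view", "service.create", "service.update"},
}
TEAMS = {  # team -> (organization, members)
    "dev": ("engineering", {"alice", "bob"}),
    "ops": ("engineering", {"carol"}),
}
COLLECTIONS = {  # collection -> resources it contains
    "staging": {"service/web", "secret/web-tls", "volume/web-data"},
    "production": {"service/shop", "secret/shop-db"},
}

@dataclass(frozen=True)
class Grant:
    subject: str      # "user:<name>", "team:<name>" or "org:<name>"
    role: str
    collection: str

GRANTS = [
    Grant("team:dev", "operator", "staging"),
    Grant("org:engineering", "viewer", "production"),
    Grant("user:carol", "operator", "production"),
]

def subjects_for(user):
    """Every subject a user acts as: the user, their teams, and those teams' organizations."""
    ids = {f"user:{user}"}
    for team, (org, members) in TEAMS.items():
        if user in members:
            ids |= {f"team:{team}", f"org:{org}"}
    return ids

def effective_permissions(user, collection):
    """Union of operations from every grant that reaches the user on one collection."""
    ids = subjects_for(user)
    perms = set()
    for g in GRANTS:
        if g.subject in ids and g.collection == collection:
            perms |= ROLES[g.role]
    return perms

def is_allowed(user, operation, resource):
    """Default deny: allowed only if a grant covers a collection holding the resource."""
    return any(resource in members and operation in effective_permissions(user, name)
               for name, members in COLLECTIONS.items())
```

Running `effective_permissions` for each user and collection exposes permissions that accumulate through team and organization membership, which is where over-privileged accounts usually come from.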