Before you can start consuming a vSphere with Tanzu enabled vSphere Cluster, you first need to create and configure a vSphere Namespace. This is a pretty straightforward process (check out this quick video if you are interested). One of the required configuration steps is to set up permissions for which users/groups can access and consume the vSphere Namespace using one of the three default roles.
A question was recently raised in the community on the definition of each role since the user was not able to find more details in the official documentation. Here is a quick summary for each role and its functionality:
- Owner - Can modify and delete vSphere Namespace
- Can Edit - Can modify vSphere Namespace
- Can View - Can perform read-only operations on vSphere Namespace
Note: I have already shared this feedback with the vSphere with Tanzu Product Manager to help improve our documentation on this topic.
There was also a related question on whether these roles mapped into the Kubernetes (K8s) layer, which is the Supervisor Cluster in your vSphere with Tanzu enabled vSphere Cluster. This actually got me curious since I am still a novice when it comes to K8s access control (RBAC). I decided to take a closer look and, with some trial and error, I was able to see how these vSphere Namespace roles, which are a vCenter Server construct, map into the respective K8s constructs within the Supervisor Cluster.