Add Roles to User via PachCTL

Learn how to grant and modify permissions on given resources for a user.

November 29, 2023

Before You Start

💡

You can check your current roles and permissions on a given project by running the following:

pachctl auth check project <project-name>
Roles: [projectOwner]
Permissions: [REPO_READ REPO_INSPECT_COMMIT REPO_LIST_COMMIT REPO_LIST_BRANCH REPO_LIST_FILE REPO_INSPECT_FILE REPO_ADD_PIPELINE_READER REPO_REMOVE_PIPELINE_READER PIPELINE_LIST_JOB REPO_WRITE REPO_DELETE_COMMIT REPO_CREATE_BRANCH REPO_DELETE_BRANCH REPO_ADD_PIPELINE_WRITER REPO_MODIFY_BINDINGS REPO_DELETE PROJECT_LIST_REPO PROJECT_CREATE_REPO PROJECT_DELETE PROJECT_MODIFY_BINDINGS]
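
An added example, not from the Pachyderm documentation: a small POSIX shell audit over the `Roles:` / `Permissions:` output shown above. It fails when the reported roles differ from what you intended to grant and warns when delete or binding-modifying permissions are present. The function names and the choice of which permissions count as sensitive are assumptions of this example.

```shell
#!/bin/sh
# Added example (not Pachyderm's own code): audit `pachctl auth check` output.
# Function names are assumptions of this example.

# Permissions, named in the sample output above, that allow changing role
# bindings or deleting the resource. Treating them as "sensitive" is this
# example's choice, not a Pachyderm classification.
SENSITIVE="REPO_MODIFY_BINDINGS PROJECT_MODIFY_BINDINGS REPO_DELETE PROJECT_DELETE"

# list_field FIELD: read check output on stdin and print the entries of
# "FIELD: [a b c]" one per line.
list_field() {
  sed -n "s/^$1: \[\(.*\)\]\$/\1/p" | tr -s ' ,' '\n\n' | sed '/^$/d'
}

# sensitive_held: print each sensitive permission present in the check output.
sensitive_held() {
  perms=$(list_field Permissions)
  for p in $SENSITIVE; do
    printf '%s\n' "$perms" | grep -qx "$p" && printf '%s\n' "$p"
  done
  return 0
}

# verify_grant EXPECTED_ROLES: succeed only if the reported roles are exactly
# EXPECTED_ROLES (space separated, in reported order); warn on sensitive perms.
verify_grant() {
  out=$(cat)
  roles=$(printf '%s\n' "$out" | list_field Roles | tr '\n' ' ' | sed 's/ $//')
  if [ "$roles" != "$1" ]; then
    echo "FAIL: expected roles [$1], got [$roles]" >&2
    return 1
  fi
  held=$(printf '%s\n' "$out" | sensitive_held | tr '\n' ' ')
  [ -z "$held" ] || echo "WARN: grants sensitive permissions: $held" >&2
  return 0
}

# Constructed sample in the format of the output above (permission list shortened).
SAMPLE='Roles: [projectOwner]
Permissions: [REPO_READ REPO_WRITE REPO_DELETE PROJECT_LIST_REPO PROJECT_DELETE PROJECT_MODIFY_BINDINGS]'

printf '%s\n' "$SAMPLE" | verify_grant projectOwner
# Live use: pachctl auth check project <project-name> | verify_grant projectViewer
```
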

How to Assign Roles to a User

As Root Admin

This guide assumes resources (projects, repositories) have already been created in your cluster.

ℹ️

You can skip steps 2 and 3 if you are using the MockIdP connector and just want to explore/practice, as you are already logged in as the admin user. Even though you can assign permissions to new users in MockIdP, you cannot log in as them.

  1. Open your terminal.
  2. Connect as the root user using the following command:
     pachctl auth use-auth-token
  3. Input your root token. If you did not initially set a pachd.rootToken or pachd.rootTokenSecretName in your Helm values.yaml configuration, the root token is autogenerated as a Kubernetes secret named pachyderm-auth that can be decoded and read using the following command:
     kubectl get secret pachyderm-auth -o jsonpath="{.data.root-token}" | base64 --decode
  4. Verify you are connected as the root user by running the following command:
     pachctl auth whoami
     You are "pach:root"
  5. Run one of the following commands to assign a role:
     Resource Type:

     Admin Roles      Project Roles     Repo Roles     Misc Roles
     clusterAdmin     projectViewer     repoReader     debugger
     oidcAppAdmin     projectWriter     repoWriter     robotUser
     idpAdmin         projectOwner      repoOwner      pachdLogReader
     secretAdmin      projectCreator
     identityAdmin
     licenseAdmin

  6. Confirm access by running the following command:
     Resource Type:

You can also use these steps to update a user's permissions.

As Project Owner

  1. Open your terminal.
  2. Log in.
     pachctl auth login
  3. Add a user and assign their role to a project that you own.
     Resource Type:
  4. Confirm access by running the following command:
     Resource Type: