Access Control

Role-based access control

Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. RBAC authorization uses the rbac.authorization.k8s.io API group to drive authorization decisions, allowing you to dynamically configure policies through the Kubernetes API.

Role and ClusterRole

An RBAC Role or ClusterRole contains rules that represent a set of permissions. Permissions are purely additive, and there are no deny or exclusion rules. A Role always sets permissions within a particular namespace, and the namespace that a role belongs in must be specified when creating a Role.

A ClusterRole, in contrast, is not associated with a namespace, and can be used to define permissions on namespaced resources to be granted within an specific namespace or across all namespaces, and to define permissions to clusters.

In other words, use a Role to define a role within a namespace. Alternatively, use a ClusterRole to define a cluster-wide role.

Roles and Permissions

The following table gives detailed information about the permissions allowed for various roles. These permission belong to the backup.druva.com API group.

Kubernetes Resources	Permissions	Admin Role	Backup Role	Restore Role	Scheduler Role
ApplicationGroup	Create an application group	Yes	Yes	No	No
	Delete an application group	Yes	Yes	No	No
	Patch an application group	Yes	Yes	No	No
	Update an application group	Yes	Yes	No	No
	Get an application group	Yes	Yes	No	Yes
	List application groups	Yes	Yes	No	Yes
	Watch an application group	Yes	Yes	No	Yes
Application	Create an application	Yes	No	No	No
	Delete an application	Yes	No	No	No
	Patch an application	Yes	No	No	No
	Update an application	Yes	No	No	No
	Get an application	Yes	Yes	No	No
	List applications	Yes	Yes	No	No
	Watch an application	Yes	Yes	No	No
Backups	Create a backup	Yes	No	No	No
	Delete a backup	Yes	Yes	No	Yes
	Patch a backup	Yes	No	No	No
	Update a backup	Yes	No	No	No
	Get a backup	Yes	Yes	No	Yes
	List backups	Yes	Yes	No	Yes
	Watch a backup	Yes	Yes	No	Yes
BackupTriggers	Create a backup trigger	Yes	Yes	No	Yes
	Delete a backup trigger	Yes	No	No	No
	Patch a backup trigger	Yes	No	No	No
	Update a backup trigger	Yes	No	No	No
	Get a backup trigger	Yes	Yes	No	No
	List backup triggers	Yes	Yes	No	No
	Watch a backup trigger	Yes	Yes	No	No
RestoreAccessRequests	Create a restore access request	Yes	No	Yes	No
	Delete a restore access request	Yes	No	Yes	No
	Patch a restore access request	Yes	No	No	No
	Update a restore access request	Yes	No	No	No
	Get a restore access request	Yes	No	Yes	No
	List restore access requests	Yes	No	Yes	No
	Watch a restore access request	Yes	No	Yes	No
Restores	Create a restore	Yes	No	Yes	Yes
	Delete a restore	Yes	No	Yes	Yes
	Patch a restore	Yes	No	No	No
	Update a restore	Yes	No	No	No
	Get a restore	Yes	No	Yes	Yes
	List restores	Yes	No	Yes	Yes
	Watch a restore	Yes	No	Yes	Yes
Clusters	Create a cluster	No	No	No	No
	Delete a cluster	No	No	No	No
	Patch a cluster	No	No	No	No
	Update a cluster	No	No	No	No
	Get a cluster	Yes	Yes	Yes	Yes
	List clusters	Yes	No	No	No
	Watch a cluster	Yes	No	No	Yes
RestorePoints	Create a restore point	No	No	No	No
	Delete a restore point	No	No	No	No
	Patch a restore point	No	No	No	No
	Update a restore point	No	No	No	No
	Get a restore point	Yes	Yes	Yes	No
	List restore points	Yes	Yes	Yes	No
	Watch a restore point	Yes	Yes	Yes	No
Status	Get status of the application groups	Yes	Yes	No	Yes
	Get status of the backups	Yes	Yes	No	Yes
	Get status of the clusters	Yes	No	No	Yes
	Get status of the restores	Yes	No	Yes	Yes
	Get status of the restore access requests	Yes	No	Yes	No

Druva Operator Limits

Pod Type	CPU (millicores)		Memory (Mi)
	Request	Limit	Request	Limit
Controller	100	100	128	128

SUPPORT community

support Resources

More links

Support Contacts