Nadrama

Documentation Home

Projects & Access Control

Everything you need to know about Projects & Role-based Access Control (RBAC) Nadrama makes comprehensive role-based access easy.

  • Users
    On sign-up, once an email has been verified, it creates a new unique User across our platform.

  • Accounts
    On sign-up every User has a new Account created by default, unless they used an invite link to join an existing Account on sign-up. Users can be associated with multiple Accounts.

  • Groups
    Accounts can invite multiple Users, each must be assigned to a Group. There are currently five groups: Admins, Finance, Managers, Editors, Viewers.

  • Projects
    Group resources such as Clusters. Importantly, permissions can be differentiated between projects; for example, you might separate Clusters for different environments (e.g. dev, staging, production) into different Projects, and provide teams varying levels of access to each.

  • Account Role
    Each Groups must be assigned to an Account Role, which controls Nadrama Console access:

    • Admin
      Unrestricted access across the Account and all of its Projects.

    • Read-Only Admin
      View-only version of Account Admin role.

    • Billing Admin
      View/update billing information and invoices only.

    • Standard User
      Cannot access account settings or billing information, and view-only access to everything else, except where Project Roles determine access.

  • Project Roles
    Each Groups can be associated with one or more Project Roles per Project. If a Group is not assigned to a Project Role for a Project, the resources in it (e.g. Clusters) will not be manageable by that Group in the Console. The available Project Roles are:

    • Cluster Admin
      Can create/edit/delete clusters, maximally permissive cluster access.

    • Cluster Editor
      Can create and managed clusters but not delete them. In-cluster access can edit most resources, view cotainer logs, etc. this.

    • Cluster Operator
      Same as Cluster Editor but with shell access.

    • Cluster Viewer
      Read-only version of Cluster Editor.

Q&A

Q: What Account & Project Roles does each Group get by default?

  • Admins - Admin + Cluster Admin
  • Finance - Billing Admin + no Project roles
  • Operators - Standard User + Cluster Operator
  • Editors - Standard User + Cluster Editor
  • Viewers - Standard User + Cluster Viewer

Q: How do Project Roles get implemented in Kubernetes for the cluster?
For each cluster, Nadrama fully manages its Cluster Roles, Cluster Role Bindings, Roles, and Role Bindings. e.g. the Cluster Admin project role has:

  1. a ClusterRole with read access to Nodes
  2. a ClusterRoleBinding for that ClusterRole to each group
  3. a Role with all permissions for a namespace
  4. a RoleBinding for each Namespace to bind that ClusterRole to each group
Nadrama

The fastest, easiest way to run containers in your cloud account.

Sign Up FREELog In

Product

FeaturesPricingDocs

Company

AboutBlogCareers

Resources

PrivacyTermsSecurity

Connect

BlueskyTwitterLinkedin

Copyright © 2025 Nadrama Pty Ltd

This website uses cookies to help us deliver the best experience & for marketing. Read our Privacy Policy for information about how we use cookies.