Role-Based Access Control

Overview

Kloudfuse RBAC controls access along two distinct paths: what telemetry data an identity can query, and what platform content — dashboards, alerts, and folders — they can view and edit.

Every user is assigned one of three roles — Admin, Editor, or Viewer — either manually or through SSO group synchronization. The role determines platform-level capabilities such as creating resources, managing users, and configuring policies. Admin users always have full access to all data and platform features. For Editor and Viewer users, data visibility is further controlled by assigning a Policy to their Team or directly to the User, or by the cluster-wide default_rbac_policy setting.

Folder permissions provide a second layer of content access control. Users, Teams, Roles, and Service Accounts can each be granted View, Edit, Admin, or No Access on individual folders, independently of their system role.

Topics

Access Control Architecture
Configure Default RBAC Policy
Manually Assigning User Roles
Folder Permissions
Role Permissions