Role Permissions

Table of Contents

Overview
Permissions Matrix
Data Access

Overview

Kloudfuse provides three roles that control what a user can do across the platform:

Admin	Full access to all platform features, including user management, policy configuration, and all telemetry data.
Editor	Can create and edit most resources. Data visibility depends on the `default_rbac_policy` setting — Editors with `rbac_allow_all` can query all telemetry streams, while Editors with `rbac_allow_none` are denied data access unless an explicit policy grants access. See Default RBAC Policy.
Viewer	Read-only access to platform resources. Data visibility depends on the `default_rbac_policy` setting — Viewers with `rbac_allow_all` can query all telemetry streams, while Viewers with `rbac_allow_none` are denied data access unless an explicit policy grants access. See Default RBAC Policy.

Admin

Full access to all platform features, including user management, policy configuration, and all telemetry data.

Editor

Can create and edit most resources. Data visibility depends on the default_rbac_policy setting — Editors with rbac_allow_all can query all telemetry streams, while Editors with rbac_allow_none are denied data access unless an explicit policy grants access. See Default RBAC Policy.

Viewer

Read-only access to platform resources. Data visibility depends on the default_rbac_policy setting — Viewers with rbac_allow_all can query all telemetry streams, while Viewers with rbac_allow_none are denied data access unless an explicit policy grants access. See Default RBAC Policy.

Roles are assigned directly in the UI or automatically via SSO group synchronization. See Manually Assigning User Roles and SSO Role Groups.

Permissions Matrix

Permission	Admin	Editor	Viewer
USER & ACCESS MANAGEMENT
View / Delete Users	✓	✗
Modify User Roles	✓	✗
Manage Teams (as Team Admin)	✓	✓
Manage Teams (as Team Member)	✓	View	✗
View Teams	All teams	Own teams only
View / Manage Service Accounts	✓	✗
View / Manage Policies	✓	✗
View Folders	✓	✓
Create / Edit / Delete Folders	All folders	Folder permissions
DASHBOARDS & VISUALIZATION
View Dashboards	✓	✓
Create / Edit / Delete Dashboards	✓	Folder permissions
ALERTING & MONITORING
View Alerts	✓	✓
Create / Edit / Delete Alert Rules	✓	Folder permissions
Create / Edit / Delete Alert Contact Points	✓	✓	✗
Create / Edit / Delete Alert Notification Channels	✓	✓	✗
Create / Edit / Delete SLOs	✓	View
PLATFORM CONFIGURATION
RUM Applications	✓	✓	View
Lookup Tables	✓	✓	View
Scheduled Views	✓	✓	View
Saved Log Queries	✓	✓	View
Rate Control	✓	View
Data Scrubbing	✓	View
Favorite Facets	✓	✓	View

Permission

Admin

Editor

Viewer

USER & ACCESS MANAGEMENT

View / Delete Users

✓

✗

Modify User Roles

✓

✗

Manage Teams (as Team Admin)

✓

Manage Teams (as Team Member)

✓

View

✗

View Teams

All teams

Own teams only

View / Manage Service Accounts

✓

✗

View / Manage Policies

✓

✗

View Folders

✓

Create / Edit / Delete Folders

All folders

Folder permissions

DASHBOARDS & VISUALIZATION

View Dashboards

✓

Create / Edit / Delete Dashboards

✓

Folder permissions

ALERTING & MONITORING

View Alerts

✓

Create / Edit / Delete Alert Rules

✓

Folder permissions

Create / Edit / Delete Alert Contact Points

✓

✗

Create / Edit / Delete Alert Notification Channels

✓

✗

Create / Edit / Delete SLOs

✓

View

PLATFORM CONFIGURATION

RUM Applications

✓

View

Lookup Tables

✓

View

Scheduled Views

✓

View

Saved Log Queries

✓

View

Rate Control

✓

View

Data Scrubbing

✓

View

Favorite Facets

✓

View

✓ Full access View View only ✗ No access

Data Access

For Admin users, all telemetry data streams are always accessible. For Editor and Viewer users, data access is controlled by the default_rbac_policy setting or an explicit policy assigned to their team or directly to the user. See Default RBAC Policy.

Data Source	Admin	rbac_allow_all	rbac_allow_none
Metrics Explorer	✓	✓	✗
Logs Explorer	✓	✓	✗
APM Explorer	✓	✓	✗
Events Explorer	✓	✓	✗
RUM (Real User Monitoring)	✓	✓	✗
Infrastructure Monitoring	✓	✓	✗

Data Source

Admin

rbac_allow_all

rbac_allow_none

Metrics Explorer

✓

✗

Logs Explorer

✓

✗

APM Explorer

✓

✗

Events Explorer

✓

✗

RUM (Real User Monitoring)

✓

✗

Infrastructure Monitoring

✓

✗

✓ Full access ✗ No access