User accounts created and used in Cloud Z CP are managed as one in the console and each Add-on Service.
However, user accounts are managed separately for the Image Registry and Source Repository services.
View user list
You can view previously created users in a list, and view information such as user ID, email, name, cluster permissions, and number of namespaces used.
You can add and delete users and navigate to view user details.
To view the list of users:
- Select Users from the side menu.
- Then, a user screen like the screenshot below will appear and you can view the user list.
User created
Create a user to use the Cloud Z CP console and Add-on services.
To create a new user:
- Select Users from the side menu.
- At the top right of the user screen. Click the Add User button.
3. Enter the information in the Add User screen and click the Register button
- User ID:
- Name:
- Cluster Permissions: cluster-admin or member
4. When the Add User pop-up appears, click the OK button.
Change user information
Once a user is created, you can manage user authentication, security settings, permissions, etc. from the user list screen.
- Click the link associated with the ID of the user you want to change.
- This will bring up a screen where you can change your basic information for each tab and set your Credentials and access rights.
Change user basic information
In the User Information tab, you can change the information below:
| Item | 설명 |
|---|---|
| You can change the user's email, but you cannot use an email that is the same as an existing user. | |
| Name | You can change the displayed username. |
| User Enabled | You can set the user status to enabled (ON) or disabled (OFF). If the user is disabled, they cannot log in. |
| Email Verified | Indicates whether the email is verified. If set to unverified (OFF), the user must verify their email again to log in |
| Required Action | A feature that restricts login until all four displayed items are completed.
|
Required Action Step by Step
- Change Password Screen
- Mobile authentication change screen
- Change profile screen
Setting up Credentials
In the Credentials tab, you can set up password reset, two-factor login (OTP), and initialization notification email sending functions.
| item | 설명 |
|---|---|
| Reset Password | You can force a user password reset or force a password change when the user logs in. |
| Set up two-factor login security | This feature allows users to process OTP authentication registration when logging in. When a user sets up mobile authentication when logging in, the status changes to active (ON). |
| Initialize Credentials | This feature sends an authentication initialization request email to the user. An email containing an authentication link is sent to the user. You can set the authentication link validity period in days, hours, and minutes. |
Reset Password
Initialize Credentials
- Confirm your email
- After clicking the link, check the contents that need to be changed and click the Click here button to continue.
- Register to change authentication information
Set access permissions
Access control for ZCP's own services and Kubernetes is performed through two types of access control. For this, Kubernetes' RBAC is utilized.
For more detailed information, Please refer to Using RBAC Authorization of User-facing Roles
You can also grant admin rights to the ZDB Add-on. ((info) ZCP v1.1 update feature)
Cluster Permissions
| Authority Name | explanation |
|---|---|
cluster-admin | It is like a superuser with access to all functions within the ZCP Cluster. |
member | You have basic access to the console within your ZCP Cluster. |
ZDB Permissions
| Authority Name | explanation |
|---|---|
| ZDB Admin | Grants namespace administrator privileges to the ZDB Console. You can manage namespace settings in the ZDB Console. For more details Cloud Z DB 소개 (관리자용) |
Namespace permissions
| Authority Name | ClusterRole | In ZCP? |
|---|---|---|
| admin | Read and write access to all resources within the namespace. | You can access the following menus:
|
| cicd-manager | Copy edit ClusterRole that can read and write to most resources except roles and rolebindings within the namespace. | You can access the following menus:
|
| developer | Copy ClusterRole, a view that only allows reading for most resources except roles and rolebindings within the namespace. | 다음 메뉴에 접근이 가능합니다.
|
Delete user
Users can delete in two ways:
- Use the delete button on the user list screen
- Use the Delete button on the user information screen
To remove yourself from the user list:
- Select Users from the side menu.
- In the Manage column of the user you want to delete from the user list
To delete from your user information:
- Select Users from the side menu.
- Click the link associated with the ID of the user you want to change.
- Click at the top right of the screen
Online consultation
Contact us