Access Rules
This section explains the procedure to manage Access rules.
Access rules provide users, groups, or applications privileges to system entities. An access rule is the assignment of a role to a subject in a scope: <Subject> is a <Role> in a <Scope>. For example, user [email protected] is a department admin in department A.
Access Rules Table
The Access rules table can be found under Access in the NVIDIA Run:ai platform.
The Access rules table provides a list of all the access rules defined in the platform and allows you to manage them.
Flexible management
It is also possible to manage access rules directly for a specific user, application, project, or department.
The Access rules table consists of the following columns:
Type
The type of subject assigned to the access rule (user, SSO group, or application).
Subject
The user, SSO group, or application assigned with the role
Role
The role assigned to the subject
Scope
The scope to which the subject has access. Click the name of the scope to see the scope and its subordinates
Status
The access rule creation status.
Authorized by
The user who granted the access rule
Creation time
The timestamp for when the rule was created
Last updated
The last time the access rule was updated
Access Rule Status
The following table describes the condition of access rules and whether they were successfully created for the selected scope. The status indicates whether the access rule is synced in the cluster.
No issues found
No issues were found while creating the access rule
Issues found
Issues were found while enforcing the access rule in the cluster(s). Contact NVIDIA Run:ai support.
Creating…
The access rule is being created in the cluster
No status
Status cannot be displayed because the current version of the cluster is not up to date or unknown
Customizing the Table View
Filter - Click ADD FILTER, select the column to filter by, and enter the filter values
Search - Click SEARCH and type the value to search by
Sort - Click each column header to sort by
Column selection - Click COLUMNS and select the columns to display in the table
Download table - Click MORE and then Click Download as CSV. Export to CSV is limited to 20,000 rows.
Adding New Access Rules
To add a new access rule:
Click +NEW ACCESS RULE
Select a subject - User, SSO Group, or Application
Select or enter the subject identifier. You can define up to 10 subjects of the selected type:
User Email for a local user created in NVIDIA Run:ai or for SSO user as recognized by the IDP
Group name as recognized by the IDP
Application name as created in NVIDIA Run:ai
Select a role
Select up to 10 scopes where the access rule will apply
Click SAVE RULE
Editing an Access Rule
Access rules cannot be edited. To change an access rule, you must delete the rule, and then create a new rule to replace it.
Deleting an Access Rule
Select one or more access rules you want to delete
Click DELETE
On the dialog, click DELETE to confirm
Viewing Your User Access Rule
To view the assigned roles and scopes you have access to:
Click the user avatar at the top right corner, then select Settings
Click User details
The list of assigned roles and scopes will be displayed.
Using API
Go to the Access rules API reference to view the available actions.
Last updated