If you want to provide a user with access and permissions to all projects, nodes, and resources within a cluster, assign the user a cluster membership.
Tip: Want to provide a user with access to a specific project within a cluster? See Adding Project Members instead.
There are two contexts where you can add cluster members:
Adding Members to a New Cluster
You can add members to a cluster as you create it (recommended if possible).
You can always add members to a cluster after a cluster is provisioned.
Editing Cluster Membership
Cluster administrators can edit the membership for a cluster, controlling which Rancher users can access the cluster and what features they can use.
- Click ☰ > Cluster Management.
- Go to the cluster you want to add members to and click ⋮ > Edit Config.
- In the Member Roles tab, click Add Member.
Search for the user or group that you want to add to the cluster.
If external authentication is configured:
Rancher returns users from your external authentication source as you type.
Using AD but can’t find your users? There may be an issue with your search attribute configuration. See Configuring Active Directory Authentication: Step 5.
A drop-down allows you to add groups instead of individual users. The drop-down only lists groups that you, the logged in user, are part of.
Note: If you are logged in as a local user, external users do not display in your search results. For more information, see External Authentication Configuration and Principal Users.
Assign the user or group Cluster roles.
Tip: For Custom Roles, you can modify the list of individual roles available for assignment.
Result: The chosen users are added to the cluster.
- To revoke cluster membership, select the user and click Delete. This action deletes membership, not the user.
- To modify a user’s roles in the cluster, delete them from the cluster, and then re-add them with modified roles.