Access controls in Compose apply not only to accounts and deployments but also to Enterprise clusters. Users or teams may be assigned roles on the cluster which give them permission to perform particular actions.
Teams are groups of users managed at the Account level, through the Teams menu item.
To set an Enterprise cluster's access control, the user or team must have been assigned the Enterprise Admin role at the Account level or been assigned the Admin role in clusters access control.
The access controls for an Enterprise cluster can be found by selecting the Enterprise view icon in the left-hand sidebar, selecting the cluster and then selecting Access in the left-hand menu.
Roles may be assigned by selecting the checkboxes next to the user or team names and clicking Save Changes.
The Provisioner role grants the user or team the ability to create new deployments in the cluster. The provisioner automatically gets Admin permission for any new deployments they create, but that deployment permission can be removed. If it is removed, the user cannot remove deployments as that requires Admin permission for the deployment.
Users with the Provisioner or Owner role at account level can also create new deployments in the cluster.
The Manager role when granted, allows the user or team the ability monitor the status of the cluster and configure the cluster.
The Admin role combines both Provisioner and Manager together with control over access and roles settings for this cluster. The Admin role also grants the user or team the ability to deprovision the cluster itself.
The Admin role for a cluster is automatically granted to any user with the Account level Enterprise Admin role. Enterprise Admins are therefore displayed with "Full Control (Account Admin)". The account owner also has full access to the account – they are implicitly an Enterprise Admin.
If this article didn't solve things, summon a human and get some help!
Updated about a year ago