- The account which enables access control (in the “test and enable” section) becomes the (only) admin at that time.
- After access control is on, you can mark additional individual accounts as admins (after that person has logged in once, for us to create an account entry and show up in the Accounts tab).
- You can also downgrade yourself from Admin to User, after there is another Admin defined.
- Admin-ness is directly stored in the Rancher DB. There is not currently a way to derive it by a user’s membership in a group/org according the auth provider.
- Being an admin allows you to use the stuff in the Admin tab, which is primarily system-wide configuration. And also to manipulate any Environment (without having to be a member of it).
- Environments have a separate, unrelated concept of Role. Users/groups/orgs can be added as a member of an Environment, and given (currently) 4 levels of control over that environment. This is the level that controls access to individual resources like Hosts.
1 Like