Hi @quick691
To first thank you for your solution which was useful to me.
I’m working on Rancher rights, my goal is to create a limited project level profile that allows to see only workloads (see events, metrics) and config maps.
Since I’m on Rancher 2.6 for metrics there is now a dedicated role monitoring-ui-view (see Rancher Docs: Role-based Access Control) which works well.
With that my users have access to grafana but there are two problems:
1/ As I explain in my ticket Advanced View Workloads Role I would like my users to be able to directly see the workloads-metric tab in Rancher; Do you have an idea?
2/ The error message services "http:rancher-monitoring-grafana:80" is forbidden: User "u-fhws6" cannot create resource "services/proxy" in API group ... remains but only for a particular path /k8s/clusters/c-t4vjj/api/v1/namespaces/cattle-monitoring- system/services/http:rancher-monitoring-grafana:80/proxy/api/frontend-metrics. I guess I need to give cluster level rights on some resource other than workloads, I haven’t found what yet, do you think I’m on the right direction?
Thanks