User access regexp based


I’ve been wondering how I can give Access to all our users only to there host.

Something like user ABC can only see and use in rancher, the Server named ABC-srv.

Our user are ldap/ad based.

Is there any ways to achieve that dynamically?

Any clues appreciated :slight_smile:

Thanks a lot,


Access control is at the Environment level. So you can give each user an environment and make them the only one that has access to it. Actually when they first login they will get an theirname-default environment setup that way if their user has no access to any other environments.

Nice tips indeed!

Thanks Vincent!

Any chances to achieve something like that.:
-A new user logs in via it’s ldap authentication.
-an environment is dynamically created for this user
-a specific registration endpoint is created

Thus would allow the user to add it’s desktop to the center rancher server in only one shot, without ops to do anything to make it happen.

Let me know what you think :slight_smile:


Like I said that’s basically what happens by default… When a user first logs an environment is created for them (unless they already have access to some via group memberships). They would then click add host and copy/paste/run the custom host registration command on their desktop.

Cool !

Thanks a lot Vincent !

One last Question : is there any way for the admin to have a “special environment” that can make us see all hosts deployed in every environment ?


No, but admin users can see and go into/use all the environments.

sad :frowning:

thanks a lot for your precious answers vincent