Adding users, roles, and application scopes

To add a user account:

1. In the Administration → Access management → Users section, click the Add user button above the list of users.
2. In the window that opens, specify the following settings:
   • User name is a unique value that must be assigned to a user for identification within Kaspersky Container Security.

     A user name can include only letters of the English alphabet and numerals. The minimum user name length is 4 characters, and the maximum user name length is 254 characters.

   • Display name (optional) is the value that is displayed in the solution web interface. If this parameter is not specified, the user name is displayed in the web interface.
   • Email (optional).
3. Enter the password in the Password field.

   Passwords have the following requirements:

   • The password must contain numerals, special characters, and uppercase and lowercase letters.
   • The minimum password length is 6 characters, and the maximum password length is 72 characters. The default password length is 8 characters.
4. Confirm the entered password in the Confirm password field.
5. Select the check box if the user should change the password the next time the solution starts.
6. Assign a role to the user by selecting from the list of available roles.

   While you are not required to assign a role when creating a user, a new user without an assigned role will not be able to interact with Kaspersky Container Security.

7. Click Add.

To add a user, permission to view and configure settings is required. If you do not have this permission, any user you add will only be able to view the main page of the solution.

To add a user role:

1. In the Administration → Access management → Roles section, click the Add role button above the list of roles.
2. In the window that opens, specify the following values:
   • Role ID is a unique value that must be assigned to a role for identification within Kaspersky Container Security.

     The role ID can include uppercase Latin letters and numbers. A role ID cannot contain special characters or spaces.

   • Role name is the value displayed in the solution web interface.
   • Description (optional).
   • Application scope is a setting that is used to differentiate access to resources.
3. In the Active Directory mapping field, specify the Active Directory groups that the user belongs to.
4. Select the check boxes next to the permissions that will be available for the role being added.
5. Click Add.

To add a scope:

1. In the Administration → Access management → Scopes section, click the Add application scope button above the table with the list of scopes.
2. In the window that opens, specify the scope name and, if necessary, an application scope description.
3. In the Resources section, select the resources for the application scope:
   • Click the Add resources by registry button, and in the drop-down list, select the registries for the application scope. You can define a more specific application scope by selecting specific repositories and images from these repositories in the drop-down list.
   • Click the Add resources by cluster button and select the orchestrators for the application scope from the drop-down list. You can define a more specific application scope by selecting specific clusters, namespaces, and images from the orchestrators used to deploy the containers in the clusters.

   You must specify at least one resource for which access is granted for monitoring.

4. Click Set objects to scope.
5. Save the scope by clicking the Save button.