When working with runtime autoprofiles, consider the following restrictions related to scopes and user roles:
If an image is not added to the scopes assigned to the user as part of a namespace in a cluster, the user cannot access autoprofiles generated using the digest of the image.
A user assigned the default scope can view all created autoprofiles.
If a user has the rights to manage autoprofiling, the user can start a task to build an autoprofile, change the settings and re-generate an autoprofile.
A user who did not start an autoprofiling task can change the settings, as well as rebuild and delete an autoprofile, if all of the following conditions are met:
The user has rights to manage autoprofiling
One of the user's roles coincides with the role of the autoprofiling task's creator at the time the autoprofile is created
The scopes assigned to the user include the image (as part of the namespace in the cluster) that the autoprofile is based on