Ohoy! I want to grant a user read-only access to ...
# neuvector-security
s
Ohoy! I want to grant a user read-only access to NeuVector via Rancher. I've followed the guide for Rancher RBAC (https://open-docs.neuvector.com/integration/rancher_sso_rbac/) but my unprivileged test user cannot see the NeuVector link in the Rancher dashboard. 🤔 Do you know if something more is needed to grant access to NeuVector via Rancher?
h
Do you have to use Rancher RBAC? If this user does not have anything else to do in Rancher, then why not set up authentication in NeuVector?
s
Yes, I have enabled that according to the README for the Helm chart.
Sorry, I misread. New response in a minute.
Yeah, I do all my user management via Rancher so I would rather avoid having to create a whole new user management solution and, especially, expose that to the Internet.
h
oh okay - got it..
s
Seems like NeuVector's docs are incorrect. They say to grant access to API group permission.neuvector.com but it's actually just neuvector.com, I think.
No, not quite. It's permission.neuvector.com for access inside of NeuVector, but it's also required to have get on nvsecurityrules.neuvector.com in the cattle-neuvector-system namespace for Rancher to display the dashboard item. 🤔