https://rancher.com/ logo
Title
c

crooked-cat-21365

03/03/2023, 4:36 PM
Apparently everybody with ClusterMember permission can create his own project without resource limits and become a ProjectOwner. Would it be possible to fix this? How about setting at least some default project constraints for each managed cluster?
s

square-orange-60123

03/05/2023, 4:54 AM
That is the default behavior: https://ranchermanager.docs.rancher.com/v2.5/how-to-guides/advanced-user-guides/authenticati[…]e-based-access-control-rbac/cluster-and-project-roles Not sure what your use case is, but sounds like it would be worth reading on the built-in project roles, and how to create your own custom role.
c

crooked-cat-21365

03/06/2023, 8:09 AM
I understand that this is the default, but its a bad choice (IMHO). Creating new projects should be the job of the cluster owner. I do have a derived ClusterMember role (based on the default ClusterMember role). How can I remove the permission to create projects in the derived role?