Global Resources1

Global Resources are non-namespaced resources provided by Rancher. Users who are cluster-owners/project-owners do not have access to several of these by default. For example principals and roletemplates.

The resources are documented here to support administrators creating and/or modifying custom sets of permissions with finding the minimum set of permissions needed for a particular task in the dashboard.

As an example, to use the cluster/project permissions pages of the dashboard requires permissions on principals to search/display a readable name for users, and on roleTemplates, to see a list of usable roleTemplates as well as to display a readable name for the role.

Please see the list below to determine what permissions you may need when creating a least-privilege user.

Group	Resource	Purpose
auditlog.cattle.io	auditpolicies	Specification of log filers, redactions, verbosity
catalog.cattle.io	clusterrepos	Helm chart repository location and credentials
management.cattle.io	authconfigs	Configuration of external auth service providers
management.cattle.io	clusters	Remote cluster management
management.cattle.io	features	Feature controlling rancher behaviour
management.cattle.io	globalrolebindings	Binding of user/group to a global role
management.cattle.io	globalroles	Custom role for global permissions (applied local and remote)
management.cattle.io	nodedrivers	Configuration of driver to provision clusters with a cloud service provider
management.cattle.io	roletemplates	Template for custom roles managing project- or cluster-specific permissions
management.cattle.io	settings	Setting controlling Rancher behaviour
management.cattle.io	tokens	Raw API key, old style.
management.cattle.io	userattributes	Additional information about a managed User
management.cattle.io	users	User known to and managed by Rancher
telemetry.cattle.io	secretrequests	Request creation of a secret with arbitrary name, in any namespace