The PaletteAI Helm chart renders template ConfigMaps into the Helm release namespace. Each template holds a default list of Kubernetes PolicyRule entries used when defining Project-scoped access for Viewer, Editor, and Admin roles.
PaletteAI enforces role-based access control (RBAC) across the UI. Actions such as creating, editing, or deleting resources are available only to users whose role includes the required permissions. If a button or action described below is not visible, your role likely does not grant the necessary access. Contact your administrator to request access.
This page lists the full Kubernetes Role-Based Access Control (RBAC) permissions that PaletteAI grants to each Tenant and Project role. For an overview of each role and how OpenID Connect (OIDC) groups bind to roles, refer to the Roles and Permissions concept page.
PaletteAI manages permissions using standard Kubernetes Role-Based Access Control (RBAC), with one consistent extension: every role in PaletteAI is bound to OpenID Connect (OIDC) groups rather than to individual users. When you create a Tenant or Project, PaletteAI generates the underlying roles and role bindings automatically and connects them to the OIDC groups you specify in the Tenant's tenantRoleMapping or the Project's roleMapping. Group membership in your identity provider grants or revokes access; there are no per-user resources to maintain inside the cluster.