How access control is evaluated

Project Membership

A user "belongs" to a project if there exists at least one role binding that links the user to any role and either:

  • a specific project, or
  • no project (global role binding, i.e., applies the permissions of the role to all projects).

Permission checks

Every access decision—view, edit, admin—is based on the existence of a role binding that grants the required permission on the relevant scope (project or global).

  • A project-level admin permission satisfies any project-level permission requirement.
  • A global admin permission satisfies both global and any project-level permission requirements.

Active Project

Selecting the Active Project on the web application

When the feature flag is enabled, a new selector for the currently selected project is available in the page breadcrumb. This selector is used to filter the resources displayed in the different pages. Changing it reloads the current view with the selected Active Project.

Active Project selector

My Scope, the default project

My Scope is the project option selected when the user has not explicitly chosen a project. It represents “all resources I can access” rather than a single project.

How RBAC behaves with My Scope

  • Resource visibility: When My Scope is selected, the UI shows every resource the user is allowed to see through any of their role bindings, whether those bindings are global or scoped to specific projects. The list is the union of all project-scoped access plus any global access. There is no project-based filter.

  • Which permissions apply: For actions in the context of My Scope (e.g. editing an asset, running a scan), only global role bindings are considered. Project-level bindings do not grant permissions in this context. So a user who has edit only in “Project A” will see resources from Project A in My Scope, but must switch the active project to “Project A” to perform edit actions on them.

  • Comparison with a specific project: When a specific project is selected, visibility and permissions are limited to that project: the user sees only resources in that project and can perform only actions allowed by role bindings for that project (or by global bindings). My Scope inverts the emphasis: show everything the user can see, but allow actions only where global bindings apply.
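The following is an added example, not code from the product this page documents, that models the evaluation rules described above: project membership and the permission checks (including the two admin rules), and the My Scope behaviour (union visibility, global-only actions) versus a specific Active Project. The role names viewer/editor/admin, the RoleBinding structure and the sample bindings are assumptions of the example; the page only names the permissions view, edit and admin.

```python
from dataclasses import dataclass
from typing import Iterable, Optional

# Hypothetical role catalogue (assumption): the page names the permissions
# view/edit/admin but not the roles that carry them.
ROLES = {
    "viewer": {"view"},
    "editor": {"view", "edit"},
    "admin": {"view", "edit", "admin"},
}

GLOBAL = None            # binding scope: applies to every project
MY_SCOPE = "My Scope"    # Active Project value when no project is chosen


@dataclass(frozen=True)
class RoleBinding:
    user: str
    role: str
    project: Optional[str]   # GLOBAL (None) or a project name


def belongs_to_project(bindings: Iterable[RoleBinding], user: str, project: str) -> bool:
    """Membership: at least one binding for the user on this project or a global one."""
    return any(b.user == user and b.project in (project, GLOBAL) for b in bindings)


def _binding_grants(binding: RoleBinding, permission: str) -> bool:
    """A binding grants a permission if its role carries it, or if the role is admin:
    admin satisfies every permission at the scope the binding applies to."""
    perms = ROLES[binding.role]
    return permission in perms or "admin" in perms


def has_permission(bindings, user, permission, project=GLOBAL) -> bool:
    """Permission check on a scope. project=GLOBAL is a global-scope requirement,
    so only global bindings count. A project scope accepts bindings on that project
    and global bindings; a project-level admin never satisfies a global requirement."""
    for b in bindings:
        if b.user != user:
            continue
        if b.project is not GLOBAL and b.project != project:
            continue   # scoped to another project, or project-level vs global requirement
        if _binding_grants(b, permission):
            return True
    return False


def visible_projects(bindings, user, all_projects) -> set:
    """Visibility under My Scope: union of every project the user is bound to,
    plus every project when any binding is global."""
    own = [b for b in bindings if b.user == user]
    if any(b.project is GLOBAL for b in own):
        return set(all_projects)
    return {b.project for b in own}


def can_act(bindings, user, permission, resource_project, active_project, all_projects) -> bool:
    """Action check as the UI evaluates it for the selected Active Project."""
    if active_project == MY_SCOPE:
        # My Scope: the resource must be visible, but only global bindings grant actions
        if resource_project not in visible_projects(bindings, user, all_projects):
            return False
        return has_permission(bindings, user, permission, project=GLOBAL)
    # Specific project: only that project's resources, via project or global bindings
    if resource_project != active_project:
        return False
    return has_permission(bindings, user, permission, project=active_project)


# Constructed sample data for the walkthrough
ALL_PROJECTS = ["Project A", "Project B"]
BINDINGS = [
    RoleBinding("alice", "editor", "Project A"),   # project-scoped edit only
    RoleBinding("bob", "admin", GLOBAL),            # global admin
    RoleBinding("carol", "admin", "Project B"),     # project-level admin
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "sees", sorted(visible_projects(BINDINGS, user, ALL_PROJECTS)),
              "| edit in My Scope:", can_act(BINDINGS, user, "edit", "Project A", MY_SCOPE, ALL_PROJECTS),
              "| edit in Project A:", can_act(BINDINGS, user, "edit", "Project A", "Project A", ALL_PROJECTS))
```

Running it reproduces the scenario in the text: alice sees Project A under My Scope but cannot edit there until she switches the Active Project to Project A, while bob's global admin binding grants edit in every context. The same model shows the asymmetry of the admin rules: carol's project-level admin satisfies any check scoped to Project B but not a global-scope requirement.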