# Add New Roles

Role-Based Access Control (RBAC) is a critical security feature in Kubeflow that allows administrators to define granular permissions for users. Instead of assigning permissions directly, you create Roles that contain a set of rules, and then bind those roles to users. This guide details the end-to-end process of creating a new custom role, defining its permissions, and managing it through the Kubeflow user interface.

## Navigate to the Roles Management Page

To begin, you must access the central area for role administration.

1. Click on the "Settings" icon in the main navigation sidebar.
2. On the Settings page, you will see a secondary navigation menu. Select the "Roles" option to proceed to the roles management dashboard.

<figure><img src="/files/jo5UYZmWYexNTwiV6RuL" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/Fs1N8b9OWRnqhHsPicqK" alt=""><figcaption></figcaption></figure>

## Initiate the Role Creation Process

The Roles dashboard displays all existing roles within the namespace. To create a new one, click the “Create Role” button, typically located in the upper right corner of the page.

<figure><img src="/files/Bhq2dWWzb4IpnbXtV1ta" alt=""><figcaption></figcaption></figure>

This action will launch the “Create New Role” dialog box, where you will define the role's name and its specific permissions.

## Define the Role Name and Policy Rules

In the dialog box, you must first provide a descriptive “Role Name”. This name should clearly represent the persona or function of the users who will be assigned this role. For this example, we will name the role “Data Scientist”.

<figure><img src="/files/Eql6TyguApAvyRFOYPEM" alt=""><figcaption></figcaption></figure>

Next, you will configure the “Policy Rules”. A policy rule is the core of a role, defining what actions a user can perform on specific Kubeflow resources. Each rule consists of two parts:

* Resources: These are the Kubeflow objects that the role can interact with (e.g., Notebooks, Pipelines, TFJobs). You can select one or more resources for a single rule.
* Verbs: These are the permitted actions that can be performed on the selected resources (e.g., get, list, create, delete).

<figure><img src="/files/b0UKDKpt3lYSljjHc5aQ" alt=""><figcaption></figcaption></figure>

For our “Data Scientist” role, we will configure three distinct rules to grant a specific set of permissions. Use the “+ Add Rule” button to create additional rules.

Rule 1: Full Control over Notebooks

* Resources: Select Notebooks.
* Verbs: Check the boxes for create, get, list, and delete. This gives the user full lifecycle control over their notebook servers.

Rule 2: Permission to Run and View Pipelines

* Resources: Select both Runs and Pipelines.
* Verbs: Check the boxes for get, list, and create. This allows the user to view existing pipelines and execute new runs, but not delete them.

Rule 3: Read-Only Access to Training Jobs

* Resources: Select both TFJobs and PyTorchJobs.
* Verbs: Check the boxes for get and list. This allows the user to monitor and view the details of training jobs without being able to create or delete them.

<figure><img src="/files/ObvBe72SjIGr2k106PYz" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/z0JDeuizq7ASWQa3IN5H" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/M9Vo5Vo5qrzYIUhA1iW7" alt=""><figcaption></figcaption></figure>

Once all the rules are configured, click the “Create Role” button to finalize the process.
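The following check is an added example, not part of the product or of this guide's own tooling. It models the three “Data Scientist” rules as Kubernetes-style policy rules and confirms that the role denies what the guide says it should deny. The lowercase resource names, the API groups and the `MUST_DENY` list are assumptions, since the UI only shows display names.

```python
# Added example: the three "Data Scientist" rules modelled as Kubernetes-style
# policy rules. Resource names and API groups are assumptions; the UI on this
# page only shows display names such as "Notebooks" or "TFJobs".
DATA_SCIENTIST_RULES = [
    {"apiGroups": ["kubeflow.org"], "resources": ["notebooks"],
     "verbs": ["create", "get", "list", "delete"]},
    {"apiGroups": ["pipelines.kubeflow.org"], "resources": ["runs", "pipelines"],
     "verbs": ["get", "list", "create"]},
    {"apiGroups": ["kubeflow.org"], "resources": ["tfjobs", "pytorchjobs"],
     "verbs": ["get", "list"]},
]

# Actions the guide says this role must NOT allow (constructed from its text).
MUST_DENY = [
    ("delete", "pipelines.kubeflow.org", "pipelines"),
    ("delete", "pipelines.kubeflow.org", "runs"),
    ("create", "kubeflow.org", "tfjobs"),
    ("delete", "kubeflow.org", "pytorchjobs"),
]


def _matches(allowed, value):
    """A rule field matches on an exact entry or on the '*' wildcard."""
    return "*" in allowed or value in allowed


def is_allowed(rules, verb, api_group, resource):
    """RBAC is additive: an action is allowed if any single rule grants it."""
    return any(
        _matches(r["verbs"], verb)
        and _matches(r["apiGroups"], api_group)
        and _matches(r["resources"], resource)
        for r in rules
    )


def audit(rules, must_deny=MUST_DENY):
    """Return wildcard grants and must-deny actions that the rules still allow."""
    findings = []
    for i, r in enumerate(rules, start=1):
        for field in ("verbs", "resources", "apiGroups"):
            if "*" in r[field]:
                findings.append(f"rule {i}: wildcard in {field}")
    for verb, group, res in must_deny:
        if is_allowed(rules, verb, group, res):
            findings.append(f"over-permissive: {verb} {group}/{res}")
    return findings


if __name__ == "__main__":
    print(audit(DATA_SCIENTIST_RULES) or "role matches the intended permissions")
```

Because rules are additive, a single broad rule added later overrides the restrictions implied by the narrower ones, which is why the audit flags wildcards separately.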

## Verify and Manage the New Role

After successful creation, you will be returned to the Roles dashboard. The new “Data Scientist” role will now appear in the “Existing Roles” list.

<figure><img src="/files/IOth3tgTZqBmIsnZgqyY" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/1x4YHkeFCiJGwXEWohDV" alt=""><figcaption></figcaption></figure>

In the “Actions” column on the right side of the list, you will find two icons for managing the role:

a. Role Details (Eye Icon): Clicking the eye icon opens a detailed view of the role. This page displays Basic Information (Name, Namespace, Creation Date) and lists all the Policy Rules you configured, so you can review exactly which permissions the role grants.

<figure><img src="/files/q1w51LFwwMnrkypNfjSF" alt=""><figcaption></figcaption></figure>

b. Bind Role to User (Chain Icon): Clicking the chain icon allows you to assign this role to a specific user. A dialog box will appear containing the "Role Name" and "Namespace". You simply need to select the desired "User" from the dropdown list. Once selected, click the “Bind User” button. This action creates a *RoleBinding*, officially granting the user all the permissions defined in the role.

<figure><img src="/files/gSPqSvKCT3U0Pt6kJomH" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/7Cbsil3iddWpSxtHXMe1" alt=""><figcaption></figcaption></figure>

<figure><img src="/files/2Bf14H2OXfEUGtehFgxz" alt=""><figcaption></figcaption></figure>


