本文档采用自动化机器翻译技术翻译。尽管我们力求提供准确的译文，但不对翻译内容的完整性、准确性或可靠性作出任何保证。若出现任何内容不一致情况，请以原始英文版本为准，且原始英文版本为权威文本。

Global Resources

Global Resources are non-namespaced resources provided by Rancher. Users who are cluster-owners/project-owners do not have access to several of these by default. For example principals and roletemplates.

The resources are documented here to support administrators creating and/or modifying custom sets of permissions with finding the minimum set of permissions needed for a particular task in the dashboard.

As an example, to use the cluster/project permissions pages of the dashboard requires permissions on principals to search/display a readable name for users, and on roleTemplates, to see a list of usable roleTemplates as well as to display a readable name for the role.

Please see the list below to determine what permissions you may need when creating a least-privilege user.

Group	Resource	Purpose
auditlog.cattle.io	auditpolicies	Specification of log filers, redactions, verbosity
catalog.cattle.io	clusterrepos	Helm chart repository location and credentials
management.cattle.io	authconfigs	Configuration of external auth service providers
management.cattle.io	clusters	Remote cluster management
management.cattle.io	features	Feature controlling rancher behaviour
management.cattle.io	globalrolebindings	Binding of user/group to a global role
management.cattle.io	globalroles	Custom role for global permissions (applied local and remote)
management.cattle.io	nodedrivers	Configuration of driver to provision clusters with a cloud service provider
management.cattle.io	roletemplates	Template for custom roles managing project- or cluster-specific permissions
management.cattle.io	settings	Setting controlling Rancher behaviour
management.cattle.io	tokens	Raw API key, old style.
management.cattle.io	userattributes	Additional information about a managed User
management.cattle.io	users	User known to and managed by Rancher
telemetry.cattle.io	secretrequests	Request creation of a secret with arbitrary name, in any namespace

Group

Resource

Purpose

auditlog.cattle.io

auditpolicies

Specification of log filers, redactions, verbosity

catalog.cattle.io

clusterrepos

Helm chart repository location and credentials

management.cattle.io

authconfigs

Configuration of external auth service providers

management.cattle.io

clusters

Remote cluster management

management.cattle.io

features

Feature controlling rancher behaviour

management.cattle.io

globalrolebindings

Binding of user/group to a global role

management.cattle.io

globalroles

Custom role for global permissions (applied local and remote)

management.cattle.io

nodedrivers

Configuration of driver to provision clusters with a cloud service provider

management.cattle.io

roletemplates

Template for custom roles managing project- or cluster-specific permissions

management.cattle.io

settings

Setting controlling Rancher behaviour

management.cattle.io

tokens

Raw API key, old style.

management.cattle.io

userattributes

Additional information about a managed User

management.cattle.io

users

User known to and managed by Rancher

telemetry.cattle.io

secretrequests

Request creation of a secret with arbitrary name, in any namespace