This topic describes the default roles in OceanBase Cloud Platform (OCP) and their permissions. Default OCP roles are built-in roles and cannot be deleted or edited.
The set of default roles depends on the organization: the default organization and custom organizations each have their own.
Default organization
The following table describes the default roles in the default organization, which is named `default`.
| Role | Description | Permission |
|---|---|---|
| ADMIN | The OCP administrator role, which has the maximum permissions in OCP. | All permissions |
| ADMIN_VIEWER | The OCP read-only role, which has the management permission on all OceanBase Database tenants managed by OCP, and the read-only permission on associated resources such as OceanBase clusters, OBProxy clusters, hosts, background tasks, and alerts. | |
| ARBITRATION_MANAGER | The arbitration service administrator role, which has the management permission on all arbitration services managed by OCP as well as software packages, and the read-only permission on associated resources such as clusters, tenants, and hosts. | Arbitration service management permission |
| ARBITRATION_VIEWER | The arbitration service read-only role, which has the read-only permission on all arbitration services managed by OCP as well as associated resources such as clusters, tenants, hosts, and software packages. | Arbitration service read-only permission |
| CLUSTER_MANAGER | The cluster administrator role, which has the management permission on all OceanBase clusters and OBProxy clusters managed by OCP as well as associated resources such as hosts, background tasks, alerts, software packages, and inspections, and the read-only permission on users and arbitration services, which are indirectly associated with the clusters. | Cluster management permission |
| CLUSTER_VIEWER | The cluster read-only role, which has the read-only permission on all OceanBase clusters and OBProxy clusters managed by OCP and the resources associated with these clusters, such as hosts, background tasks, alerts, and software packages. | Cluster read-only permission |
| HOST_MANAGER | The host administrator role, which has the management permission on all hosts and associated resources such as software packages. This is a default role and cannot be edited or deleted. | Host management permission |
| HOST_VIEWER | The host read-only role, which has the read-only permission on all hosts and associated resources such as software packages. | Host read-only permission |
| OBPROXY_MANAGER | The OBProxy administrator role, which has the management permission on all OBProxy clusters managed by OCP as well as software packages, and the read-only permission on associated resources such as clusters, tenants, and hosts. | OBProxy management permission |
| OBPROXY_VIEWER | The OBProxy read-only role, which has the read-only permission on all OBProxy clusters managed by OCP and associated resources such as clusters, hosts, and software packages. This is a default role and cannot be edited or deleted. | OBProxy read-only permission |
| TENANT_MANAGER | The tenant administrator role, which has the management permission on all OceanBase Database tenants managed by OCP as well as inspections, and the read-only permission on associated resources such as OceanBase clusters, hosts of OBProxy clusters, background tasks, alerts, and arbitration services. This is a default role and cannot be edited or deleted. | Tenant management permission |
| TENANT_VIEWER | The tenant read-only role, which has the read-only permission on all OceanBase Database tenants managed by OCP and associated resources such as OceanBase clusters, OBProxy clusters, hosts, background tasks, alerts, arbitration services, and inspections. This is a default role and cannot be edited or deleted. | Tenant read-only permission |
Custom organizations
The following table describes the default role in custom organizations.
| Role | Description | Permission |
|---|---|---|
| ORG_ADMIN | The organization administrator role, which has all permissions on the resources in the organization. | All permissions |