Kong Konnect
Roles reference
A team can have any number of roles. See Manage Teams and Roles.
The following predefined roles are available in Konnect:
Services
| Role | Description |
|---|---|
| Admin | Admin of an existing Konnect service. The admins have all write access related to a service and service versions. |
| Application Registration | Access to enable or disable application registration for a Konnect service. |
| Creator | Access to create new Konnect services in Service Hub. The creator becomes the owner of the service they create, gaining admin access to the service. This role does not provide access to creating sub-entities in a service such as service versions, implementations, API specs, or plugins. See the Service Admin, Maintainer, or Plugins Admin roles. |
| Deployer | Access to implement and associate a Konnect service version to a runtime group. Must also have the Deployer role for the associated runtime group. |
| Maintainer | Access to read, edit, and deploy a Konnect service and its service versions, and manage its plugins. |
| Plugins Admin | Access to install plugins on the Konnect service versions and routes. Must also have the Admin role in the associated runtime group. |
| Publisher | Access to publish a Konnect service to the Dev Portal. |
| Viewer | Read-only access to all the configurations of a Konnect service, including attributes, versions, Analytics reports, and plugins. |
Runtime groups
| Role | Description |
|---|---|
| Admin | Owner of an existing runtime group. The owners have all write access related to a runtime group, the group’s runtime instances, and its configuration. |
| Creator | Access to create a new runtime group in Runtime Manager. The creator becomes the owner of the runtime group they create, gaining admin access to the new runtime group. This role does not grant access to existing runtime groups, their runtime instances, or their configurations. See the runtime group Admin or Deployer roles. |
| Certificate Admin | Access to configure certificates for an existing runtime group. |
| Deployer | Access to deploy a service to the runtime group. Must also have the Deployer role for the service being deployed. |
| Viewer | Read-only access to all the configurations of a runtime group and its runtime instances. |
| Consumer Admin | Access to configure consumers for an existing runtime group. |
| Gateway Service Admin | Access to configure gateway services for an existing runtime group. |
| Key Admin | Access to configure keys for an existing runtime group. |
| Plugin Admin | Access to configure plugins for an existing runtime group. |
| Route Admin | Access to configure routes for an existing runtime group. |
| SNI Admin | Access to configure SNIs for an existing runtime group. |
| Upstream Admin | Access to configure upstreams for an existing runtime group. |
| Vault Admin | Access to configure vaults for an existing runtime group. |