User ManualPodWarden
Settings: Users
Local user accounts with role-based access control
What you see
URL: /settings (Users tab)
The Users tab manages local user accounts for your PodWarden instance. These accounts are used for local authentication (email + password) and role-based access control. Users who sign in via OIDC are managed by your identity provider, but their PodWarden roles are configured here.
Fields / columns
| Column | Description |
|---|---|
| The user's email address (used as login identifier) | |
| Name | Display name |
| Role | Access level: viewer, operator, or admin (see roles below) |
| Last login | Timestamp of the user's most recent sign-in |
Available actions
| Action | Where | What it does |
|---|---|---|
| Create | Users tab toolbar | Opens the user creation form. Specify email, name, role, and initial password |
| Edit role | User row | Change the user's role between viewer, operator, and admin |
| Delete | User row | Removes the user account. The user can no longer sign in locally |
| Set password | User row | Resets the user's password to a new value |
Roles
| Role | Permissions |
|---|---|
| viewer | Read-only access to all pages. Can view clusters, hosts, workloads, deployments, and settings but cannot make changes |
| operator | Everything a viewer can do, plus create/edit/delete workloads, assignments, ingress rules, and trigger deployments. Cannot manage users or system settings |
| admin | Full access to everything, including user management, system settings, and destructive operations (wipe host, delete cluster) |
Notes
- At least one admin account must exist at all times. PodWarden prevents deleting the last admin.
- OIDC users appear in this list after their first sign-in. Their email and name come from the identity provider, but their role is managed locally.
- Password changes take effect immediately. Active sessions are not invalidated.
Related docs
- Login -- How users authenticate
- Settings -- System -- Configure OIDC for SSO authentication
- Settings -- MCP -- Previous settings tab
- Settings -- Secrets -- Next settings tab