Roles

Roles define the application access and resource permissions that can be assigned. You first create roles, then associate them to user groups according to the type of network activities the user group is meant to perform. Each member user of a user group can perform the roles specified for that group.

Optionally, you can also choose to assign a role directly to a user. When a user requires a specific set of permissions, you can bypass the use of user groups entirely.

Each role is mapped to a specific set of resource group access permissions. When a role is created, you can set the possible levels of permission for the associated resource groups to any the following:

No Access
Users or user group members do not have access to this resource group. The No Access permission is set by default for each resource until you change it when defining the role.
Read
Read permissions allow users or user group members to view specific resources, but they cannot make changes.
Read / Write
Read/write permissions allow users or user group members to view and modify resources.

After a role is created, you can return to the role and modify the resource access permissions.

Viewing a list of existing roles

Follow this procedure to view a list of existing roles.
  1. Click to open the main menu.
  2. Select User and Resource Management.
  3. Select Roles from the drop-down list.

Predefined roles

The following table shows the predefined system roles and describes the specific permissions each role allows users. These roles are defined with common resource access privileges that you can quickly assign to new users. Administrators can associate roles to a specific user or to all members of user groups.

Predefined roles cannot be modified. You can create customized roles for users that require specific permissions.

Table 1. Predefined roles
Role Description
fabric-operator Allows read/write access to all system resources except infra components (such as users, roles, and resource groups).
fabric-viewer Allows read only access to system resources.
fss-admin Allows admin privileges for all system resources in default namespaces.
ztp Allows access to node management resources.

Creating a role

Follow this procedure to create a new role.
  1. From the main menu > User and Resource Management page, select Roles from the drop-down list.
  2. Click + CREATE ROLE.
  3. Under the Role Info heading, specify a role name and add an optional description to describe the purpose of the role.
  4. Specify the resource access permissions for the role. For a specific resource group permission, select one of the following options from the drop-down list.
    • Read
    • Read / Write
    Do this for one or more resource groups.

    The No Access permission is automatically selected for each resource until you change it.

    You can also use the sort and filter columns to narrow the list of resource access options.

  5. Click CREATE.

Modifying the resource access permissions of a role

After a role is created, you can modify its resource access permissions. You can specify the resources in the system that can be accessed by users or user group members with the role applied.

Follow this procedure to modify the application access permissions of a role.

  1. From the main menu > User and Resource Management page, select Roles from the drop-down list.
  2. Locate the role that you want to modify, click the options menu at the right end of the row.
  3. Select Open.
  4. Under the Resource Access heading, for a specific resource group permission, select one of the following options from the drop-down list.
    • No Access
    • Read
    • Read / Write
    Do this for one or more resource groups.

    You can also use the sort and filter columns to narrow the list of resource access options.

  5. Click SAVE.

Deleting a role

Follow this procedure to delete a role.
  1. From the main menu > User and Resource Management page, select Roles from the drop-down list.
  2. Locate the role that you want to delete and click the options menu at the right end of the row.
  3. Click Delete.
    If prompted, confirm that you want to delete the selected role.