Roles
Roles define the application access and resource permissions that can be assigned. You first create roles, then associate them with user groups according to the type of network activities each user group is meant to perform. Each member of a user group can perform the roles specified for that group.
Optionally, you can also choose to assign a role directly to a user. When a user requires a specific set of permissions, you can bypass the use of user groups entirely.
Each role is mapped to a specific set of resource group access permissions. When a role is created, you can set the possible levels of permission for the associated resource groups to any of the following:
- No Access: Users or user group members do not have access to this resource group. The No Access permission is set by default for each resource until you change it when defining the role.
- Read: Read permissions allow users or user group members to view specific resources, but they cannot make changes.
- Read / Write: Read/write permissions allow users or user group members to view and modify resources.
After a role is created, you can return to the role and modify the resource access permissions.
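The permission model described above, as an added example for reviewing who ends up with which access (it is not the product's code or API). The role, group, user and resource group names are constructed sample data, and the rule that the most permissive level wins when a user holds several roles is an assumption the page does not state.

```python
# Added example: models the role scheme described above for an access review.
# All names (roles, groups, users, resource groups) are constructed sample data.
from enum import IntEnum

class Access(IntEnum):
    NO_ACCESS = 0
    READ = 1
    READ_WRITE = 2

# Role -> {resource group: level}; unlisted resource groups stay at No Access.
ROLES = {
    "intent-editor": {"fabric-intents": Access.READ_WRITE, "alarms": Access.READ},
    "alarm-viewer": {"alarms": Access.READ},
    "user-admin": {"users": Access.READ_WRITE},
}
GROUP_ROLES = {"noc": ["alarm-viewer"], "design": ["intent-editor"]}
USER_GROUPS = {"alice": ["noc", "design"], "bob": ["noc"]}
DIRECT_ROLES = {"bob": ["user-admin"]}  # assigned to the user, bypassing groups

def roles_of(user):
    """Return {role: source}, where source is 'group:<name>' or 'direct'."""
    found = {}
    for group in USER_GROUPS.get(user, []):
        for role in GROUP_ROLES.get(group, []):
            found.setdefault(role, f"group:{group}")
    for role in DIRECT_ROLES.get(user, []):
        found[role] = "direct"
    return found

def effective_access(user, resource_group):
    """Assumption: when several roles apply, the most permissive level wins."""
    levels = [ROLES[r].get(resource_group, Access.NO_ACCESS) for r in roles_of(user)]
    return max(levels, default=Access.NO_ACCESS)

def direct_write_grants(users):
    """List (user, role, resource group) where Read/Write comes from a direct role."""
    hits = []
    for user in users:
        for role, source in roles_of(user).items():
            if source == "direct":
                hits += [(user, role, rg) for rg, level in ROLES[role].items()
                         if level == Access.READ_WRITE]
    return hits

if __name__ == "__main__":
    for u in ("alice", "bob"):
        print(u, {rg: effective_access(u, rg).name
                  for rg in ("fabric-intents", "alarms", "users")})
    print("direct Read/Write grants:", direct_write_grants(["alice", "bob"]))
```

Direct assignments are listed separately because they do not show up when you review group membership alone.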
Viewing a list of existing roles
- Click to open the main menu.
- Select User and Resource Management.
- Select Roles from the drop-down list.
Predefined roles
The following table shows the predefined system roles and describes the specific permissions each role allows users. These roles are defined with common resource access privileges that you can quickly assign to new users. Administrators can associate roles with a specific user or with all members of user groups.
Predefined roles cannot be modified. You can create customized roles for users that require specific permissions.
Role | Description |
---|---|
fabric-operator | Allows read/write access to all system resources except infra components (such as users, roles, and resource groups). |
fabric-viewer | Allows read-only access to system resources. |
fss-admin | Allows admin privileges for all system resources in default namespaces. |
geored | Allows access to geo-redundancy settings. |
ztp | Allows access to node management resources. |
Creating a role
- From the main menu, select User and Resource Management, then select Roles from the drop-down list.
- Click + CREATE ROLE.
- Under the Role Info heading, specify a role name and add an optional description to describe the purpose of the role.
- Specify the resource access permissions for the role. For a specific resource group permission, select one of the following options from the drop-down list.
  - Read
  - Read / Write
  Do this for one or more resource groups. The No Access permission is automatically selected for each resource until you change it.
  You can also use the sort and filter columns to narrow the list of resource access options.
- Click CREATE.
Modifying the resource access permissions of a role
Follow this procedure to modify the application access permissions of a role.
- From the main menu, select User and Resource Management, then select Roles from the drop-down list.
- Locate the role that you want to modify and click the options menu at the right end of the row.
- Select Open.
- Under the Resource Access heading, for a specific resource group permission, select one of the following options from the drop-down list.
  - No Access
  - Read
  - Read / Write
  Do this for one or more resource groups. You can also use the sort and filter columns to narrow the list of resource access options.
- Click SAVE.
Deleting a role
- From the main menu, select User and Resource Management, then select Roles from the drop-down list.
- Locate the role that you want to delete and click the options menu at the right end of the row.
- Click Delete.
  If prompted, confirm that you want to delete the selected role.