Role-Based Access Control (RBAC)

Overview

Every new account comes with a set of pre-defined roles. As an Account Admin, you can further configure Role-Based Access Control (RBAC) by defining custom roles within the tenant and assigning them to tenant members. You can control the access policies for the roles that you create. Also, you can map more than one role to a specific user. This provides more flexibility and control in managing access control for your tenant members.

When a new tenant is created, a few roles are added by default. Here is the list of default role types in a tenant:

| Role Types | Access Policies |
|---|---|
| Account Admin | Complete access to all functions including User & Roles Management. |
| Ops Admin | Full Access to all operations management functions. |
| Tenant Admin | Full Access to tenant management functions. |
| Ops Team | Limited access to all operations functions. |
| Consumer | Access to Self Service Portal to order and consume apps/resources. |
| Approver | Access to Self Service Portal to approve orders. Additionally, has access to Dashboards & Reports for a specific tenant. |
| Finance | Access to Finance Dashboard and Chargeback Reports. |
| Security Admin | Full Access to all Security management functions. |
| Compliance Admin | Full Access to all Compliance management functions. |
| Partner Service Admin | Full Access to CSP and EA management functions. |
| Partner Service Member | Read-only Access to CSP and EA management functions. |
| Assessment Admin | Full Access to assessment trigger and reports visibility. |
| Assessment User | Read-only Access to assessment reports. |

Navigation

Click on the settings icon in the top left of the CoreStack portal and select Roles from the menu. The Roles & Permissions screen will be displayed, which allows you to create and manage roles.

Adding a New Role

Using Tenant_admin, you can create and inherit permissions from Account_admin.
As an Account/Tenant admin, you have the option to create a user group and assign a relevant role to the group. The admin can add or remove users from the group.

The following steps need to be performed to add a new role.

  1. Click on the "Add New" button in the Roles & Permissions screen.
  2. Provide the following details to create the role:

| Field | Description |
|---|---|
| Role Type | Role Types are the ones provided by default for access permissions. As an admin, you can select and clone access policies from these default roles for the role being created. |
| Role Name | Specify a name for the new role. The Role Name must be unique within a tenant. |
| Cloud Accounts & Integrated Tools | Select the cloud accounts and tools from the drop-down list that the new role will be associated with. |
| Inventory Elements | Select the required inventory elements from the list to be associated with the role. |
| Role Description | Enter a short description for the role being created. |
| Quick Actions | A list of access permissions will be populated in this field based on the role type selected. Enable the required access permissions for the role using the checkboxes. Refer to the section Configuring Access Policies for Custom Roles for more details. |

  3. Click the Apply button to create the new role.

A new role will be created and listed in the table.

Configuring Access Policies for Custom Roles

While creating the roles, you can configure the access permissions for different modules such as Templates, Blueprints, Environments, etc.

Users have the privilege to provide full access or customize the access per role.

After completing the fields and selecting the access permissions, users can click the Apply button available in the top right-hand side to save the settings.

Note: Click on 'Provide Full Access' or 'Remove All' to enable or disable all the listed access permissions, respectively.

Managing Existing Roles

You can manage the roles you have created using the options below.

  1. Click on the link in the "Role Name" column of a role from the Roles & Permissions table to view and update the details configured for the role.
  2. Click on the link in the "No of Users" column of a role from the Roles & Permissions table to view the list of users currently assigned this role.
  3. Click on the delete icon in the "Action" column of a custom role in the Roles & Permissions table to delete the role.
  4. Select the hamburger button (three horizontal bars) and enable or disable the columns to show or hide them for viewing in the table.

Searching Roles

Use the Search bar along the top of the Roles & Permissions table to find specific roles from the list. The search option is not case sensitive.

Change User Properties

As an account/tenant admin, you can change user properties and assign users different roles.

  1. Click Settings, then Users.

  2. Enter the name of the user in the search bar and hit enter.

  3. To change User Information, click the edit button. You can change First Name, Last Name, and Email Address.

  4. Click Apply.

  5. Click Tenant Roles to change tenant role.

  6. Click the edit button and select the tenant you want to apply for the respective user.

  7. Click Apply.

User Groups

Create User Group

As an account/tenant admin, you can create a user group and assign users with different roles.

  1. Click Settings, then User Groups.

  2. Click Create User Group.

  3. Specify User Group Name.

  4. Select Tenant. You can select one or more tenants.

  5. Specify Roles. You can assign one or more roles.

  6. Select a User. You can select one or more users.

  7. Click Create.

The new user group appears in the list.

As an account/tenant admin, you can edit or delete a user group.

Clone User Group

You have the option to create a new user group by leveraging an existing user group's properties. You can edit the cloned user group's properties by modifying the tenants, roles, and users.

  1. Click Settings, then User Groups.

  2. To clone an existing user group, click the clone icon.

  3. Click Clone.

  4. After the user group is cloned, you can modify the below fields:

  • User Group Name (by default the user group name appears with suffix _copy)

  • Tenant

  • Assign different roles

  • User

The cloned user group appears in the list. If you do not make any changes, the same properties will apply to the cloned group. You can change the cloned user group name if you wish.
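
Because a user can hold several roles directly and through user groups, and a cloned group keeps the original's tenants and roles unless edited, it helps to review effective access periodically. The sketch below is an added example, not CoreStack code or a CoreStack export format: the data layout, the sample users and groups, and the Consumer/Approver conflict rule are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample data; the structure is an assumption, not a product export.
DIRECT_ROLES = [  # (user, tenant, role) assigned under Settings > Users
    ("alice", "tenant-a", "Consumer"),
    ("bob", "tenant-a", "Ops Team"),
    ("carol", "tenant-b", "Finance"),
]
USER_GROUPS = [
    {"name": "approvers", "tenants": ["tenant-a"], "roles": ["Approver"],
     "users": ["alice", "dave"]},
    {"name": "sec-admins", "tenants": ["tenant-a", "tenant-b"],
     "roles": ["Security Admin"], "users": ["erin"]},
    {"name": "sec-admins_copy", "tenants": ["tenant-a", "tenant-b"],
     "roles": ["Security Admin"], "users": ["erin", "bob"]},
]
# Assumed policy: role sets one user should not hold together in one tenant.
CONFLICTS = [{"Consumer", "Approver"}]

def effective_roles(direct, groups):
    """Union of direct and group-granted roles, keyed by (user, tenant)."""
    eff = defaultdict(set)
    for user, tenant, role in direct:
        eff[(user, tenant)].add(role)
    for g in groups:
        for tenant in g["tenants"]:
            for user in g["users"]:
                eff[(user, tenant)].update(g["roles"])
    return eff

def conflicting_assignments(eff, conflicts=CONFLICTS):
    """(user, tenant, roles) where a user holds every role of a conflict set."""
    return sorted((u, t, sorted(pair)) for (u, t), roles in eff.items()
                  for pair in conflicts if pair <= roles)

def unreviewed_clones(groups):
    """Groups still named <original>_copy with the original's tenants and roles."""
    by_name = {g["name"]: g for g in groups}
    hits = []
    for g in groups:
        if not g["name"].endswith("_copy"):
            continue
        src = by_name.get(g["name"][:-len("_copy")])
        if src and set(g["tenants"]) == set(src["tenants"]) \
               and set(g["roles"]) == set(src["roles"]):
            hits.append(g["name"])
    return hits

if __name__ == "__main__":
    eff = effective_roles(DIRECT_ROLES, USER_GROUPS)
    print(conflicting_assignments(eff))   # users able to order and approve
    print(unreviewed_clones(USER_GROUPS)) # clones that kept the source's access
```

In the sample data, alice gains Approver through a group while already holding Consumer directly, and the unedited clone extends Security Admin to bob in both tenants.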

