Role-Based Access Control (RBAC)
Every new account comes with a set of pre-defined roles. As an Account Admin, you can further configure Role-Based Access Control (RBAC) by defining custom roles within the tenant and assigning them to tenant members. You can control the access policies for the roles that you create. Also, you can map more than one role to a specific user. This provides more flexibility and control in managing access control for your tenant members.
When a new tenant is created, a few roles are added by default. Here is the list of default role types in a tenant:
| Role Types | Access Policies |
|---|---|
| Account Admin | Complete access to all functions including User & Roles Management. |
| Ops Admin | Full Access to all operations management functions. |
| Tenant Admin | Full Access to tenant management functions. |
| Ops Team Member | Limited access to all operations functions. |
| Consumer | Access to Self Service Portal to order and consume apps/resources. |
| Approver | Access to Self Service Portal to approve orders. Additionally, has access to Dashboards & Reports for specific tenant. |
| Finance Admin | Access to Finance Dashboard and Chargeback Reports. |
| Security Admin | Full Access to all Security management functions. |
| Compliance Admin | Full Access to all Compliance management functions. |
| Partner Service Admin | Full Access to CSP and EA management functions. |
| Partner Service Member | Read-only Access to CSP and EA management functions. |
| Assessment Admin | Full Access to assessment trigger and reports visibility. |
| Assessment User | Read-only Access to assessment reports. |
Click on the settings icon in the top left of the CoreStack portal and select Roles from the menu. The Roles & Permissions screen will be displayed, which allows you to create and manage roles.
Adding a New Role
Using Tenant_admin, you can create roles and inherit permissions from Account_admin.
As an Account/Tenant admin, you have the option to create a user group and assign a relevant role to the group. The admin can add or remove users from the group.
The following steps need to be performed to add a new role.
- Click on the "Add New" button in the Roles & Permissions screen.
- Provide the following details to create the role:
| Field | Description |
|---|---|
| Role Type | Role Types are the ones provided by default for access permissions. As an admin, you can select and clone access policies from these default roles for the role being created. |
| Role Name | Specify a name for the new role. The Role Name must be unique within a tenant. |
| Cloud Accounts & Integrated Tools | Select the cloud accounts and tools from the drop-down list that the new role will be associated with. |
| Inventory Elements | Select the required inventory elements from the list to be associated with the role. |
| Role Description | Enter a short description for the role being created. |
| Quick Actions | A list of access permissions will be populated in this field based on the role type selected. Enable the required access permissions for the role using the checkboxes. Refer to the section Configuring Access Policies for Custom Roles for more details. |
- Click the Apply button to create the new role.
A new role will be created and listed in the table.
Configuring Access Policies for Custom Roles
While creating the roles, you can configure the access permissions for different modules such as Templates, Blueprints, Environments, etc.
You can provide full access or customize the access per role.
After completing the fields and selecting the access permissions, users can click the Apply button available in the top right-hand side to save the settings.
Click on 'Provide Full Access' or 'Remove All' to enable or disable all the listed access permissions, respectively.
Managing Existing Roles
You can manage the roles you have created using the options below.
- Click on the link in the "Role Name" column of a role from the Roles & Permissions table to view and update the details configured for the role.
- Click on the link in the "No of Users" column of a role from the Roles & Permissions table to view the list of users currently assigned this role.
- Click on the delete icon in the "Action" column of a custom role in the Roles & Permissions table to delete the role.
- Select the hamburger button (three horizontal bars) and enable or disable the columns to show or hide them for viewing in the table.
Use the Search bar along the top of the Roles & Permissions table to find specific roles from the list. The search option is not case sensitive.
Change User Properties
As an account/tenant admin, you can change user properties and assign users different roles.
- Click Settings, then Users.
- Enter the name of the user in the search bar and press Enter.
- To change User Information, click the edit button. You can change First Name, Last Name, and Email Address.
- Click Tenant Roles to change the tenant role.
- Click the edit button and select the tenant you want to apply to the respective user.
- Click Apply.
Create User Group
As an account/tenant admin, you can create a user group and assign users with different roles.
- Click Settings, then User Groups.
- Click Create User Group.
- Specify User Group Name.
- Select Tenant. You can select one or more tenants.
- Specify Roles. You can assign one or more roles.
- Select a User. You can select one or more users.

The new user group appears in the list.
As an account/tenant admin, you can edit or delete a user group.
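An added example, not CoreStack code or a CoreStack API: because a user can hold several roles directly and gain more through user groups, an access review needs the combined role set per user and tenant. The Python below assumes effective access is the union of all grants, runs on a constructed export, and treats the Consumer/Approver pairing and the Account Admin role as this example's own review policy.

```python
from collections import defaultdict

# Review policy for this example (assumptions, not product rules).
SOD_CONFLICTS = [("Consumer", "Approver")]  # can order and approve the same order
SENSITIVE_ROLES = {"Account Admin"}         # includes User & Roles Management

# Constructed sample data: direct role mappings and user groups.
DIRECT = [
    ("alice", "tenant-a", "Consumer"),
    ("bob", "tenant-a", "Finance Admin"),
    ("carol", "tenant-b", "Ops Team Member"),
]
GROUPS = [
    {"name": "approvers", "tenants": ["tenant-a", "tenant-b"],
     "roles": ["Approver"], "users": ["alice", "dave"]},
    {"name": "approvers_copy", "tenants": ["tenant-b"],
     "roles": ["Approver", "Account Admin"], "users": ["carol"]},
]

def effective_roles(direct, groups):
    """Map (user, tenant) -> {role: sources} as the union of all grants."""
    eff = defaultdict(lambda: defaultdict(set))
    for user, tenant, role in direct:
        eff[(user, tenant)][role].add("direct")
    for g in groups:
        for tenant in g["tenants"]:
            for user in g["users"]:
                for role in g["roles"]:
                    eff[(user, tenant)][role].add("group:" + g["name"])
    return eff

def review(eff):
    """Return sorted findings: (user, tenant, kind, roles, sources)."""
    out = []
    for (user, tenant), roles in eff.items():
        for a, b in SOD_CONFLICTS:
            if a in roles and b in roles:
                src = sorted(roles[a] | roles[b])
                out.append((user, tenant, "sod-conflict", (a, b), src))
        for role in sorted(SENSITIVE_ROLES.intersection(roles)):
            out.append((user, tenant, "sensitive-role", (role,), sorted(roles[role])))
    return sorted(out)

if __name__ == "__main__":
    for finding in review(effective_roles(DIRECT, GROUPS)):
        print(finding)
```

The sources column shows which grant to remove: alice's conflict exists only because a group adds Approver on top of her direct Consumer role, and carol's Account Admin arrives solely through the cloned group.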
Clone User Group
You have the option to create a new user group by leveraging an existing user group's properties. You can edit the cloned user group's properties by modifying the tenants, roles, and users.
- Click Settings, then User Groups.
- To clone an existing user group, click the clone icon.
- After the user group is cloned, you can modify the following fields:
  - User Group Name (by default, the user group name appears with the suffix _copy)
  - Assign different roles

The cloned user group appears in the list. If you do not make any changes, the same properties will apply to the cloned group. You can change the cloned user group name if you wish.