[IAM] Role
An administrator can create desired roles and assign them to Users who will perform such roles.
The properties set up for a role are as follows:
Role type
| Project management privilege | the position to grant roles to users | |
|---|---|---|
| User | • Create your own • Invited projects and project groups • Subprojects within the project groups you have privilege to enter | • Invite other users to the project under the project detail page > [Members] tab • When changing member information, you can shift the type of user’s role |
| Admin | All projects and project groups | Add or edit users on the [Admin > Users and permission management > Users] page |
Access permission for each page of the Cloudforet service
You can grant different view and manage permissions for each sub menu of each service.
View
View permissions are separately given for each page.
Manage
You can use management features such as create, edit, add, etc. that exist in a selected service menu. (Management features are different for each service/page.)
Reviewing API policy
Policy is an object that defines privilege over a resource when it is attached.
For guidelines on policies, see Policy documents.
Creating roles
(1) Select [Admin > User and permission management > Roles] to enter the role page.
(2) Enter the [Create role] page through the [Create] button at the upper left.
(3) Write a name and description (optional) of the role, and select Role type.
- The [Name] must be at least 2 characters long.
- Since [Role type] is an item that cannot be modified once you create it, please make a careful selection.
(4) Set the Page access permission.
(5) To decide what permission to grant to the role that you are creating, select a policy to connect.
For a detailed description on policy connection, see here.
(6) Click the [Create] button to complete role creation.
Viewing roles
You can search for created roles, view them, and review their detailed information.
Getting a list of roles
Roles that have been created can be viewed on the role page.
You can enter a search term to see a list of roles that match your criteria. For a detailed description on advanced search, see here.
Viewing detailed information on roles
When selecting a role in the table of contents, you can check information about the selected role in the [Details] tab below.
Editing roles
Steps
(1) Select the role you want to edit from a list of roles, and click the [Edit] button to enter the edit page.
(2) Except for a role type, changes are the same as Create Role.
Deleting roles
Steps
(1) Enter the role page.
You can delete multiple roles at once.
(2) Click the [Delete] button to review the list of roles to be removed.
Roles assigned to a user cannot be removed.
If a role that cannot be deleted was included, the role and the user assigned to the role are displayed together.
(3) Click the [OK] button to delete the role.