Roles
Roles determine what actions a group of users can perform. You create your own roles, each of which can grant permission to perform any combination of actions, such as to creating workflows, deleting content classes, or viewing system events.
Creating roles
You can use the REST API, Admin App, and CLI to create roles and select which permissions the roles contain.
Each permission in a role grants a user the ability to perform an action in some area of the system. For example, the admin:services:read permission grants the ability to view services through the Admin App.
The first section of a permission string indicates that application that the permission applies to:
- HCM permissions begin with monitor.
- Search App permissions begin with search.
- Admin App permissions begin with admin.
Procedure
Click the Configuration window.
Click Security.
On the Roles tab, click Create.
Specify a name and, optionally, a description for the role.
Use the Individual and Wildcard tabs to edit the permissions for the role:
On the Individual tab, you can enable individual permissions or categories of permissions:
Click a category of permissions and select one or more individual permissions within the category.
For example, with the permissions selected in this image, a user can read, create, and update certificates, but cannot delete them.On the Wildcard tab, you can enable permissions for multiple categories at the same time. To do this:
Click Add Permission.
Use the menus to select a category of permissions.
Leave the last menu set to the wildcard character (*).
Click Create.
Click Update.
Related CLI commands
createRole
Related REST API methods
POST /security/roles
You can get help on specific REST API methods for the Admin App at REST API - Admin.
Viewing roles
You can use the REST API, CLI, and Admin App to view all the roles that have been created for your system.
Procedure
Select the Configuration window.
Click Security.
Select the Roles tab.
Related CLI commands
getRole
listRoles
Related REST API methods
GET /security/roles/{uuid}
GET /security/roles
You can get help on specific REST API methods for the Admin App at REST API - Admin.
Editing roles
You can use the REST API, Admin App, and CLI to change the permissions that a role contains.
About permissionsEach permission in a role grants a user the ability to perform an action in some area of the system. For example, the admin:services:read permission grants the ability to view services through the Admin App.
The first section of a permission string indicates what application the permission applies to:
- HCM permissions begin with monitor.
- Search App permissions begin with search.
- Admin App permissions begin with admin .
Procedure
Click the Configuration window.
Click Security.
On the Roles tab, click Create.
Specify a name and, optionally, a description for the role.
Use the Individual and Wildcard tabs to edit the permissions for the role:
On the Individual tab, you can enable individual permissions or categories of permissions:
Click a category of permissions and select one or more individual permissions within the category.
For example, with the permissions selected in this image, a user can read, create, and update certificates, but cannot delete them.On the Wildcard tab, you can enable permissions for multiple categories at the same time. To do this:
Click Add Permission.
Use the menus to select a category of permissions.
Leave the last menu set to the wildcard character (*).
Click Create.
Click Update.
Related CLI commands
editRole
Related REST API methods
PUT /security/roles/{uuid}
You can get help on specific REST API methods for the Admin App at REST API - Admin.
Deleting roles
When you delete a role, all groups associated with that role lose the permissions that the role granted.
Procedure
Select the Configuration window.
Click Security.
Select the Roles tab.
Click the delete icon (
) for the role you want to remove.
Related CLI commands
deleteRole
Related REST API methods
DELETE /security/roles/{uuid}
You can get help on specific REST API methods for the Admin App at REST API - Admin.