Overview
Cloud Control Center's Role-Based Access Control (RBAC) feature lets administrators define custom roles with specific privileges and assign these roles to locally created users, users integrated through Single Sign-On (SSO), and API Clients. After authentication, a user's interactions with the Cloud Control Center are strictly governed by the privileges of their assigned role.
Default Roles
By default, Cloud Control Center provides two predefined roles:
1. Tenant User: Users with this role can view all components of the user interface (UI), such as Devices, Policies, Virtual Edges, Analytics and more. However, they are not permitted to make any modifications.
2. Tenant Admin: Users with this role have comprehensive access, allowing them to view and modify any component of the UI.
Components of RBAC
Role Name
- Definition: Customizable name for the role.
Privileges
- Scope: Pertains to each component of the UI.
- Privilege: Can be set to 'Enabled' or 'Disabled', governing the visibility and interaction level a user has with each UI component.
Creating a New Role
Steps:
1. Initiation: Click on "Create New Role".
2. Naming: Provide a name for the role. Optionally, select "Enable All Privileges" for full access, then deselect specific privileges as needed.
3. Privilege Selection:
- Component-wise Customization: For each UI component:
After configuring the privileges for all UI components, click "Save Changes" to finalize the new role.
Managing RBAC Roles
Clicking on the more options icon (three vertical dots) shows options for managing RBAC roles.
Here's a summary of the available options:
- Edit Role Name: Allows you to modify the name of an existing role. This is useful for updating role names to better reflect the responsibilities or access levels associated with the role without altering its permissions.
- Clone Role: Creates a duplicate of an existing role. This is beneficial for creating a new role with similar permissions to an existing one. The cloned role can then be customized further if needed, saving time compared to creating a new role from scratch.
- Delete Role: Permanently removes an existing role from the system. This option should be used when a role is no longer needed. Deleting a role ensures it is no longer available for assignment, helping to maintain an organized and relevant set of roles within the RBAC system.
These options provide flexibility in managing user roles, allowing administrators to update, replicate, and remove roles as needed to align with organizational changes and security policies.
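A periodic review catches roles where "Enable All Privileges" was never trimmed, clones that were never customized, and roles nobody holds. The sketch below is an added example, not Cloud Control Center code or an API of the product; the snapshot layout, role names and user names are constructed assumptions.

```python
# Added example: hygiene review over a constructed snapshot of custom roles.
# The data layout is an assumption, not a Cloud Control Center export format.

# UI components named on this page (the real list is longer).
COMPONENTS = ["Devices", "Policies", "Virtual Edges", "Analytics"]

# Constructed sample: role name -> {component: True = 'Enabled', False = 'Disabled'}
ROLES = {
    "NOC Read": {"Devices": True, "Policies": False, "Virtual Edges": False, "Analytics": True},
    "Policy Editor": {"Devices": False, "Policies": True, "Virtual Edges": False, "Analytics": False},
    "Policy Editor (copy)": {"Devices": False, "Policies": True, "Virtual Edges": False, "Analytics": False},
    "Ops Full": {"Devices": True, "Policies": True, "Virtual Edges": True, "Analytics": True},
    "Legacy Audit": {"Analytics": True},  # components not listed count as 'Disabled'
}

# Constructed sample: user or API client -> assigned role
ASSIGNMENTS = {"alice": "NOC Read", "bob": "Policy Editor", "ci-client": "Ops Full"}


def enabled(role):
    """Return the set of components whose privilege is 'Enabled'."""
    return frozenset(c for c, on in role.items() if on)


def audit(roles, assignments, components):
    """Return (role, finding) pairs for roles that deserve a second look."""
    findings = []
    in_use = set(assignments.values())
    first_with = {}  # enabled-set -> first role name seen with exactly that set
    for name in sorted(roles):
        privs = enabled(roles[name])
        if privs == frozenset(components):
            # Full access: 'Enable All Privileges' with nothing deselected.
            findings.append((name, "all-privileges-enabled"))
        if privs in first_with:
            # Identical privileges to another role: a clone never customized.
            findings.append((name, "duplicate-of:" + first_with[privs]))
        else:
            first_with[privs] = name
        if name not in in_use:
            # No user or API client holds it: candidate for Delete Role.
            findings.append((name, "unassigned"))
    return findings


if __name__ == "__main__":
    for role, finding in audit(ROLES, ASSIGNMENTS, COMPONENTS):
        print(f"{role}: {finding}")
```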
Assigning Roles to Users
Assigning roles to users is a straightforward process in the Cloud Control Center:
1. Navigate: Go to the User Management section.
2. Selection: Choose the user you wish to assign a role to and click 'Edit'.
3. Role Assignment: In the user's settings, select the desired role from the available options.
For API Clients, refer to the Cloud Control Center API documentation for detailed instructions on leveraging RBAC. For SSO users, consult the SSO documentation section in the knowledge base to understand how to automatically assign roles based on your specific SSO integration.
Cloud Control Center's RBAC is designed to provide a flexible and secure mechanism to tailor user access and privileges, ensuring users interact with the platform in a controlled and predefined manner. Whether defining new roles from scratch, cloning existing ones, or assigning roles to users, administrators are equipped with intuitive tools to streamline the role configuration process.