User and role relationships
A role is a group of permissions. Roles can be assigned to any user or user group and any user or user group can have more than one role.
If a user is assigned one of Platform ASC built-in roles and a newly created role, the effect is that the permissions of both roles are merged.
User and role relationships are configured through the User Roles and Access Control page of the PMC. You must be a cluster administrator or have the Role Management permission to perform actions on roles.
- Identify the security requirements of the role.
- Assign permissions to the role to meet the requirements.
- Assign the role to users.
The following example shows the concept of configuring one role for two users:
- description of the role
- users who are assigned to the role
- permissions
User roles can also be removed. Before you remove a role, it is important to check that it is not assigned to any users, as this action would cause them to lose all privileges that are associated with the role.
Use the User Roles and Access Control page to build relationships between users, roles, and permissions. At a minimum, you must have User View or Role View permission to access the User Roles and Access Control page.
User Roles and Access Control page
| Permissions | Permitted Actions | Column Shown |
|---|---|---|
| User View | View basic and detailed information of users. | Users |
| User Management only | Add users. | Users |
| User Management and User View |
|
Users |
| Role View |
|
|
| Role Management only | Create roles. | Roles |
| Role Management and Role View |
|
|
| Role Assignment and Role View |
|
|
| Role Assignment only | Cannot view Roles grid. | |