In this quick start guide, you’ll create a new user role and give the role the permission to view the node group you created in the Adding classes quick start guide. You’ll also create a new local user, and assign your new user role to that user.
PE enables you to create and manage users and user groups through the console. You can also create user roles, and assign users to those roles. Permissions, such as the ability to view node groups, deploy code, or generate password reset tokens, are assigned to user roles rather than directly to users. When you assign roles to users or user groups, you are granting permissions in a more organized way.
Puppet Enterprise’s role-based access control (RBAC) is used to manage user permissions. Permissions define what actions users can perform on designated objects. There are multiple steps involved in an RBAC workflow, which can be adapted to fit your needs.
Before you begin, make sure you have installed:
Note: Roles are deletable by API, not in the console. Therefore, it’s best to try out these steps on a virtual machine.
User roles are sets of permissions you can apply to multiple users. You can’t assign permissions to single users in PE, only to user roles.
One of the permissions you can grant to user roles is the ability to access (view, create, and/or edit) node groups.
You have given members of the
Web developers role permission to view the
apache_example node group.
These steps add a local user. You can also import users and groups from an external directory, so you don’t have to recreate users one at a time.
When you create new local users, you need to send them a password reset token so that they can log in for the first time.
Each user must be assigned to one or more roles before they can log in and use PE. When you add users to a role, the user gains the permissions that are applied to that role.
You’re now managing a user with RBAC. By using permissions and user roles, you give the appropriate level of access and agency to each user or user group who works with PE.
Next, you’ll learn more about the basics of writing modules of your own, so you can begin customizing your deployment and getting work done. Click here when you’re ready to write your first module.