Role-based access control (RBAC) is used to manage user permissions. Permissions define what actions users can perform on designated objects. There are multiple steps involved in an RBAC workflow, which can be adapted to fit your needs.
These instructions assume
you've installed PE, at least one *nix agent node, and the
Step 1: Create a user role
User roles are sets of permissions you can apply to multiple users. You can’t assign permissions to single users in PE, only to user roles. This allows you to have more consistent permissions among users and be able to make changes efficiently.
- In the console, from the Access control drop down, click User roles.
- For Name, type Web developers, and then for Description, type a description for the Web developers role, such as Members of the web development team.
- Click Add role.
Step 2: Give the user role access to view a node group
Users get permissions when the user roles they belong to are granted those permissions.
One of the permissions you can grant to user roles is the ability to access (view, create, or edit) node groups.
- From the User Roles page, select Web developers, and then click the Permissions tab.
- In the Type box, select Node groups.
- In the Permission box, select View.
- In the Object box, select apache_example.
- Click Add permission, and then click the commit button.
You have given members of the
Web developers role permission to view the
apache_example node group.
Step 3: Create a new user
You can add local users, or import users and groups from a directory.
These steps add a local user. You can also import users and groups from an external directory, so you don't have to recreate users one at a time.
- In the console, click Users.
- In the Full name field, type in a user name.
- In the Login field, type the user’s login information.
- Click Add local user.
Step 4: Enable the new user to log in
When you create new local users, you need to send them a password reset token so that they can log in for the first time.
- Click the new local user in the Users list.
- On the upper-right of the page, click Generate password reset. A Password reset link message box opens.
- Copy the link provided in the message and send it to the new user. Then you can close the message.
Step 5: Assign the user role to the new user
Users must be assigned to one or more roles before they can log in and use PE.
When you add users to a role, the user gains the permissions that are applied to that role.
- Click User Roles and then click Web developers.
- On the Member users tab, on the User name list, select the new user you created, and then click Add user and click the commit button.
You're now managing a user with RBAC. By using permissions and user roles, you give the appropriate level of access and agency to each user or user group who works with PE.
Next, learn more about the basics of writing modules of your own, so you can begin customizing your deployment and getting work done.