Managing access

Role-based access control, more succinctly called RBAC, is used to grant individual users the permission to perform specific actions. Permissions are grouped into user roles, and each user is assigned at least one user role.

By using permissions, you give the appropriate level of access and agency to each user. For example, you can grant users:

• The permission to grant password reset tokens to other users who have forgotten their passwords
• The permission to edit a local user’s metadata
• The permission to deploy Puppet code to specific environments
• The permission to edit class parameters in a node group

You can do access control tasks in the console or using the RBAC API.