Articles in this section

Managing Roles

Sara Levy
  • Updated
Follow

You can manage permissions through roles. Managers can belong to any number of roles. Managers inherit all permissions enabled for any roles they belong to.

Managing Roles via the VAST Web UI

Viewing Roles

  1. From the left navigation menu, select Administrators and then Roles.

    The following details are displayed for each role:

    • Name. The name of the role.

    • Managers. The managers who are currently assigned this role. 

    • Managers Count. The number of managers who have this role.

  2. To see (and edit) the permissions enabled for the role, click the role. 

 

Adding Roles

  1. From the left navigation menu, select Administrators and then Roles.

  2. Click Create roles.

  3. In the Add Role dialog box, enter a name for the role and enable the permissions you want to include in the role:

    • Enable a permission by clicking it's icon.

      on-off-role.gif

    • Toggle whole rows and columns on and off by clicking the row or column heading. For example, click Create to add Create permission for all realms.

      rowsandcolumns_roles.gif

  4. If you want to associate authentication provider group(s) with the role, enter each group in the format <groupname>@<domain> in the AD/LDAP groups field.

    Users who belong to groups that are associated with the role will be able to log into VMS using their LDAP user name and password. They will be authorized based on the role(s) associated with their group.

    To enter a group, start typing the initial characters and then select an autocomplete option.

    To enter more than one group, enter the first group, then enter a comma and then enter another group. Each group is entered into the field with a removal button (removebutton.png). You can use the remove button to remove any group.

    Each group can be any group on any connected LDAP-based provider, including Active Directory. Groups can be associated with multiple roles and vice versa.

  5. When you're done, click Create.

    The role is added. 

Tip

To assign the role to a manager, update the manager. 

 

Modifying Roles

Whenever you modify a role and change the permission set enabled for the role, you automatically update the inherited permissions of all the managers who have the role.

  1. From the left navigation menu, select Administrators and then Roles.

  2. Click ActionsButtonGUI2.png to open the Actions menu for the role you want to modify and select Edit.

  3. Make changes as needed (see Adding Roles).

  4. Click Update

    The role is modified.

 

Deleting Roles

Caution

Deleting a role can remove permissions from managers who have the role.

  1. From the left navigation menu, select Administrators and then Roles.

  2. Click the Actions button (ActionsButtonGUI2.png ) for the role and then select Remove.

  3. Click Yes to confirm the removal.

    The role is deleted.

 
 

Managing Roles via CLI

To manage roles via the CLI, use the following commands.

To do this task...

Use this command...

Assign manager to role

manager join

Remove manager from role

manager leave

Display roles

role list

Display details of specific role

role show

Add a role

role create

Delete a role

role delete

Assign permissions and/or LDAP groups to a role.

role assign

Remove permissions from a role.

role unassign
 
 

Related articles

Comments

0 comments

Article is closed for comments.