Chapter 3. Using consolidated roles for configuring User Access
Use the consolidated roles to simplify user access configuration for groups and permissions for various levels of access to the Red Hat Insights services.
3.1. Consolidated roles
The Red Hat Hybrid Cloud Console provides three user access roles with ease of use in mind. These roles help simplify how the Organization Administrator creates groups and permissions for various levels of access to the Red Hat Insights services.
The consolidated roles are as follows:
- RHEL viewer: The RHEL viewer role provides users visibility without the ability to make changes. It allows read-only access to Red Hat Insights. You can view system configurations, compliance reports, inventory data, patch information, vulnerabilities, and overall resource states and activities. The only action permitted with this role is to generate activation keys.
- RHEL operator: The RHEL operator role allows active management of your Red Hat Insights environment. With this role you can edit system configurations, inventory details, policies, and notification/integration settings. The RHEL operator role allows many of the RHEL administrator role functions, but it is restricted from editing compliance policies, content source templates or policies, or tasks. In addition, the RHEL operator role cannot execute remediation plans.
- RHEL administrator: The RHEL administrator role provides comprehensive administrative privileges across your RHEL systems and Red Hat Insights. With this role you can manage system configurations, inventory, compliance policies, notifications, patch management, remediations, malware detection, and advisor recommendations. The RHEL administrator role can also view and modify all vulnerability settings.
See Predefined User Access roles for the roles included in the Default admin access group.
3.2. Configuring groups with consolidated User Access roles
User Access provides a number of predefined roles that you can add to groups. Three of the predefined roles provide permissions to view, operate, and administer the Red Hat Insights services in the Red Hat Hybrid Cloud Console. Using these roles requires modifying the Default access group and creating a new group for each one of the view, operate, and administer permissions.
For a list of predefined roles provided by Red Hat, see section Predefined User Access roles.
The Default access group contains a subset of all predefined roles. For more information, see section Predefined User Access roles.
When you complete the following steps, you will have a single RHEL Viewer group that contains a single, comprehensive role that grants all the necessary permissions for the group members. You no longer need to manage a group with multiple individual roles.
3.2.1. Preparing the Default access group for consolidated role permissions
Before creating a group for a consolidated role, you must modify the Default access group and remove several roles associated with Red Hat Insights-specific permissions.
Prerequisites
- You are logged in to the Red Hat Hybrid Cloud Console as a user who has Organization Administrator permission.
  Note: You cannot log in to the Hybrid Cloud Console with your email address unless your email address is the same as your Red Hat login. For more information, see Finding your login.
- If you are not an Organization Administrator, you must be a member of a group that has the User Access administrator role assigned to it.
When you make changes to the Default access group, its name changes to Custom default access group and it is no longer updated with Red Hat defined default roles.
Procedure
- Open the settings menu
- Click User Access. This opens the Identity and Access Management page.
- Under User Access, click Groups. Before you implement the new RHEL roles, modify the Default access group.
- Click the Default access group. Remove the following twelve RHEL Insights-related default roles from Default access group, which removes those permissions for all users in your organization.
  - Compliance viewer
  - Content Template viewer
  - Directory and Domain Services viewer
  - Inventory Hosts administrator
  - Patch viewer
  - Remediations viewer
  - Repositories viewer
  - Resource optimization user
  - Repositories viewer
  - RHC user
  - RHEL Advisor administrator
  - Vulnerability viewer
- After you select the roles to remove, click the more options menu icon, which is located in the filter action area near the top of the role list, and click Remove.
- Confirm the removal. The selected roles and their permissions are deleted from the Default access group and a success message appears. The Default access group is automatically renamed Custom default access group. You can scroll through the Roles list and verify the roles are removed from the Custom default access group.
3.2.2. Creating a new group for RHEL viewers
After modifying the Default access group, which is automatically renamed to Custom default access group, create a new group that provides permissions for RHEL viewers. You can also create additional groups that provide permissions for RHEL operators or RHEL administrators.
Prerequisites
- You removed RHEL Insights-related default roles from Default access group.
- You are logged in to the Red Hat Hybrid Cloud Console as a user who has Organization Administrator permission.
- You are on the Groups page, Identity & Access Management > User Access > Groups.
  Note: You cannot log in to the Hybrid Cloud Console with your email address unless your email address is the same as your Red Hat login. For more information, see Finding your login.
- If you are not an Organization Administrator, you must be a member of a group that has the User Access administrator role assigned to it.
Procedure
- Click Create a group.
- Provide a group name and description. For example:
    Group name: RHEL Viewers
    Group description: Users who can view all RHEL services and pages, but cannot execute or edit data
- Follow the wizard to locate and add the RHEL viewer role to the group.
- Add members of your organization to this group who you want to have RHEL viewer permissions.
- Review the group details and submit. A success message appears.
Verification
Look at the Groups list and confirm that the RHEL Viewer group is now available. You can enter "RHEL" in the Filter by name search to locate a specific group.
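The following added example (not part of the Red Hat documentation) audits the outcome of sections 3.2.1 and 3.2.2: it computes each RHEL viewer's effective roles and reports any of the removed roles that still reach them, with the group that grants it. It assumes roles from every group add up, and that group contents were transcribed by hand from the Groups page into the hypothetical dictionary layout shown; the group and user names are constructed.

```python
# Role names the page removes from the Default access group
# (the page's list repeats "Repositories viewer", so 11 distinct names).
INSIGHTS_DEFAULT_ROLES = frozenset({
    "Compliance viewer", "Content Template viewer",
    "Directory and Domain Services viewer", "Inventory Hosts administrator",
    "Patch viewer", "Remediations viewer", "Repositories viewer",
    "Resource optimization user", "RHC user", "RHEL Advisor administrator",
    "Vulnerability viewer",
})

def effective_roles(user, default_roles, groups):
    """Map each role the user holds to the groups granting it.

    Assumption: default-group roles apply to every user and roles are additive.
    """
    granted = {role: ["Default access"] for role in default_roles}
    for name, group in groups.items():
        if user in group["members"]:
            for role in group["roles"]:
                granted.setdefault(role, []).append(name)
    return granted

def audit_viewers(default_roles, groups):
    """Return (user, role, sources) for RHEL viewers still holding a removed role."""
    findings = []
    users = sorted({m for g in groups.values() for m in g["members"]})
    for user in users:
        granted = effective_roles(user, default_roles, groups)
        if "RHEL viewer" not in granted:
            continue
        for role in sorted(INSIGHTS_DEFAULT_ROLES & set(granted)):
            findings.append((user, role, granted[role]))
    return findings

# Constructed sample data (hypothetical layout, users and legacy group).
DEFAULT_BEFORE = ["Inventory Hosts administrator", "Patch viewer"]
DEFAULT_AFTER = []  # Custom default access group after section 3.2.1
GROUPS = {
    "RHEL Viewers": {"roles": ["RHEL viewer"], "members": ["alice", "bob"]},
    "Legacy patching": {"roles": ["Patch viewer"], "members": ["bob"]},
}

if __name__ == "__main__":
    for label, default in (("before", DEFAULT_BEFORE), ("after", DEFAULT_AFTER)):
        for user, role, sources in audit_viewers(default, GROUPS):
            print(f"{label}: {user} also holds '{role}' via {', '.join(sources)}")
```

A finding that remains after the Default access group is cleaned up points at an older group with individual roles that the consolidated role was meant to replace.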