Chapter 5. Hybrid Cloud Console User Access
The User Access feature is an implementation of role-based access control (RBAC) that controls access to various services hosted on the Red Hat Hybrid Cloud Console. Users with the Organization Administrator role use the User Access feature to grant other users access to services hosted on the Hybrid Cloud Console. An Organization Administrator can assign the special role User Access Administrator to other users who do not have the Organization Administrator role. Users with the User Access Administrator role can manage user access on the Red Hat Hybrid Cloud Console.
User access on Red Hat Hybrid Cloud Console uses an additive model, which means that actions are only permitted, not denied. To control access, users with the Organization Administrator role assign the appropriate roles with the desired permissions to groups, then add users to those groups. The access permitted to an individual user is the sum of all roles assigned to all groups to which that user belongs.
You can use the virtual assistant to send a message to your Organization Administrator to request the User Access Administrator role. After you enter the details of your request, you will be prompted with “Are you sure you’d like to proceed?” Click Yes to send your request.
Additional resources
- For detailed information about the User Access feature for the Organization Administrator role, see the User Access Configuration Guide for Role-based Access Control (RBAC).
- For a list of quick starts about the User Access feature for the Organization Administrator role, see the Identity & Access Management Learning Resources page.
- For more information about the virtual assistant, see Section 3.4, “Using the Hybrid Cloud Console virtual assistant”.
5.1. The User Access groups, roles, and permissions
User Access uses the following categories to determine the level of user access that an Organization Administrator can grant to the supported Red Hat Hybrid Cloud Console services. The access provided to any authorized user depends on the group that the user belongs to and the roles assigned to that group.
- Group: A collection of users belonging to an account, which provides the mapping of roles to users. An Organization Administrator can assign one or more roles to a group and include one or more users in a group. You can create a group with no roles and no users.
- Roles: A set of permissions that provide access to a given service, such as Insights. The permissions to perform certain operations are assigned to specific roles. Roles are assigned to groups. For example, you might have a read role and a write role for a service. Adding both roles to a group grants all members of that group read and write permissions to that service.
- Permissions: A discrete action that can be requested of a service. Permissions are assigned to roles.
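The additive model and the group, role, and permission categories described above, as an added Python example that is not Red Hat code and does not call any console API: it computes a user's effective permissions as the union over all of that user's groups and lists every group and role that grants a given permission. All user, group, role, and permission names are constructed for illustration.

```python
# Constructed sample data: every name below is hypothetical, not a real console role.
ROLE_PERMISSIONS = {
    "svc-a-reader": {"service-a:read"},
    "svc-a-writer": {"service-a:write"},
    "svc-b-reader": {"service-b:read"},
}
GROUP_ROLES = {
    "operators": {"svc-a-reader", "svc-a-writer"},
    "auditors": {"svc-a-reader", "svc-b-reader"},
    "staging": set(),  # a group can exist with no roles and no users
}
GROUP_MEMBERS = {
    "operators": {"alice"},
    "auditors": {"alice", "bob"},
    "staging": set(),
}


def grant_paths(user, members=GROUP_MEMBERS):
    """Map each permission the user holds to the (group, role) pairs that grant it."""
    paths = {}
    for group, users in members.items():
        if user not in users:
            continue
        for role in GROUP_ROLES.get(group, ()):
            for perm in ROLE_PERMISSIONS.get(role, ()):
                paths.setdefault(perm, []).append((group, role))
    return {perm: sorted(pairs) for perm, pairs in paths.items()}


def effective_permissions(user, members=GROUP_MEMBERS):
    """Additive model: the sum (set union) of all roles of all groups of the user."""
    return set(grant_paths(user, members))


def groups_granting(user, permission):
    """Every group through which the user currently receives the permission."""
    return sorted({group for group, _ in grant_paths(user).get(permission, [])})


def permissions_after_leaving(user, group):
    """Effective permissions if the user were removed from one group only."""
    members = {g: (u - {user} if g == group else u) for g, u in GROUP_MEMBERS.items()}
    return effective_permissions(user, members)


if __name__ == "__main__":
    print(sorted(effective_permissions("alice")))
    print(groups_granting("alice", "service-a:read"))
    print(sorted(permissions_after_leaving("alice", "operators")))
```

Because the model has no deny rules, a permission is withdrawn only when every group and role path that grants it has been removed.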
5.2. Viewing your permissions to services
Your Organization Administrator grants and manages your access to the different services in the Red Hat Hybrid Cloud Console. You can view your permissions for each service on the console.
Prerequisites
- You are logged in to the Hybrid Cloud Console.
Procedure
- Click your user avatar in the upper right of the Red Hat Hybrid Cloud Console window. A drop-down list appears.
- Click My User Access. The My User Access page opens.
- Select a services group, for example Red Hat Enterprise Linux. A table of services appears. Your permissions are listed in the Operation column.