Chapter 4. Predefined User Access roles
The following table lists the predefined roles provided with User Access. Some of the predefined roles are included in the Default access group, which includes all authenticated users in your organization.
Only the Organization Administrator users in your organization inherit the roles in the Default admin access group. Because this group is provided by Red Hat, it is updated automatically when Red Hat assigns roles to the Default admin access group.
For more information about viewing predefined roles, see Chapter 2, Procedures for configuring User Access.
- NOTE
- Predefined roles are updated and modified by Red Hat and cannot be modified. The table might not contain all currently available predefined roles.
| Role name | Description | Default access group | Default admin access group |
|---|---|---|---|
| Ansible Wisdom Admin Dashboard user | An Ansible Wisdom Admin Dashboard user role that grants read permissions to Org Admins for all charts. | X | |
| Approval Administrator | An approval administrator role that grants permissions to manage workflows, requests, actions, and templates. | ||
| Approval Approver | An approval approver role that grants permissions to read and approve requests. | ||
| Approval User | An approval user role which grants permissions to create/read/cancel a request, and read workflows. | X | |
| Automation Analytics Administrator | An Automation Analytics Administrator role that grants ALL permissions. | ||
| Automation Analytics Editor | An Automation Analytics Editor role that grants read-write permissions. | X | |
| Automation Analytics Viewer | An Automation Analytics Viewer role that grants read permissions. | ||
| Automation Services Catalog administrator | A catalog administrator roles grants create,read,update, delete and order permissions | ||
| Automation Services Catalog user | A catalog user roles grants read and order permissions | X | |
| Cloud Administrator | Perform any available operation against any Source. | X | |
| Compliance administrator | A Compliance role that grants full access to any Compliance resource. | X | |
| Compliance viewer | A Compliance role that grants read access to any Compliance resource. | X | |
| Cost Administrator | A cost management administrator role that grants read and write permissions. | X | |
| Cost Cloud Viewer | A cost management role that grants read permissions on cost reports related to cloud sources. | ||
| Cost OpenShift Viewer | A cost management role that grants read permissions on cost reports related to OpenShift sources. | ||
| Cost Price List Administrator | A cost management role that grants read and write permissions on cost models. | ||
| Cost Price List Viewer | A cost management role that grants read permissions on cost models. | ||
| Drift analysis administrator | Perform any available operation against any Drift Analysis resource. | X | |
| Drift viewer | Perform read only operation against Drift Analysis resources. | X | |
| Hybrid Committed Spend viewer | View any Hybrid Committed Spend report. | ||
| Inventory Groups Administrator | Be able to read and edit Inventory Groups data. | X | |
| Inventory Groups Viewer | Be able to read Inventory Groups data. | ||
| Inventory Hosts Administrator | Be able to read and edit Inventory Hosts data. | X | X |
| Inventory Hosts Viewer | Be able to read Inventory Hosts data. | ||
| Inventory administrator | Perform any available operation against any Inventory resource. | ||
| Launch Administrator | A launch administrator role that grants read and write permissions. | X | |
| Launch Viewer | An launch role that grants read permissions on launch reservation and related resources. | X | |
| Launch on AWS User | An AWS launch role that grants write permissions on launch reservation and related resources. | ||
| Launch on Azure User | An Azure launch role that grants write permissions on launch reservation and related resources. | ||
| Launch on Google Cloud User | An Google Cloud launch role that grants write permissions on launch reservation and related resources. | ||
| Malware detection administrator | Perform any available operation against any malware-detection resource. | X | |
| Malware detection viewer | Read any malware-detection resource. | ||
| Notifications administrator | Perform any available operation against Notifications and Integrations applications. | X | |
| Notifications viewer | Read only access to notifications and integrations applications. | X | |
| OCM Cluster Autoscaler Editor | Grants permission to edit cluster autoscaler | ||
| OCM Cluster Editor | Grants permission to edit clusters | ||
| OCM Cluster Provisioner | Grants permission to provision clusters | X | |
| OCM Cluster Viewer | Grants permission to view clusters | X | |
| OCM Idp Editor | Grants permission to edit idps | ||
| OCM Machine Pool Editor | Grants permission to edit machine pools | ||
| OCM Organization Admin | Grants administrative permissions associated organization’s clusters | ||
| OCP Advisor administrator | Perform any available operation against any OCP Advisor resource. | X | |
| Organization Staleness and Deletion Administrator | Be able to read and edit Organization Staleness and Deletion data. | X | |
| Organization Staleness and Deletion Viewer | Be able to read Organization Staleness and Deletion data. | X | |
| Patch administrator | Perform any available operation against any Patch resource. | X | |
| Patch viewer | Read any Patch resource. | X | |
| Policies administrator | Perform any available operation against any Policies resource. | X | |
| Policies viewer | Perform read only operation against any Policies resource. | X | |
| RHC Administrator | Perform any operations on RHC manager | X | |
| RHC user | Can view the current configurations on RHC manager and write to activation keys | X | |
| RHEL Advisor administrator | Perform any available operation against any RHEL Advisor resource. | X | |
| Remediations administrator | Perform any available operation against any Remediations resource | ||
| Remediations user | Perform create, view, update, delete operations against any Remediations resource. | X | |
| Repositories administrator | Perform any available operation against any repositories resource. | X | |
| Repositories viewer | Perform read only operations against repositories resources. | X | |
| Resource Optimization administrator | Perform any available operation against any Resource Optimization resource. | X | |
| Resource Optimization user | A Resource Optimization user role that grants read only permission. | X | |
| Subscriptions administrator | Perform any available operation against any Subscriptions resource. | X | |
| Subscriptions user | View any Subscriptions resource. | X | |
| Tasks administrator | Perform any available operation against any Tasks resource. | X | |
| User Access administrator | Grants a non-org admin full access to configure and manage user access to services hosted on console.redhat.com. This role can only be viewed and assigned by Organization Administrators. | X | |
| User Access principal viewer | Grants a non-org admin read access to principals within user access. | ||
| Vulnerability administrator | Perform any available operation against any Vulnerability resource. | X | |
| Vulnerability viewer | Read any Vulnerability resource. |
