红帽全球峰会此内容没有您所选择的语言版本。
6.8. Configuring Role-Based Access Control
6.8.1. Overview of RBAC Configuration Tasks
When RBAC is enabled only users of the Administration or SuperUser role can view and make changes to the Access Control system.
The management console provides an interface for the following common RBAC tasks:
- View and configure what roles are assigned to (or excluded from) each user
- View and configure what roles are assigned to (or excluded from) each group
- View group and user membership per role.
- Configure default membership per role.
- Create a scoped role
Note
The Management Console cannot be used to enable or disable RBAC. Those settings are not exposed in the UI. Use the command line interface to perform these tasks.
The management CLI provides access to the complete access control system. This means that everything that can be done in the management console can be done there, but a number of additional tasks can be performed with the management CLI that cannot be done with the management console.
The following additional tasks can be performed in the CLI:
- Enable and disable RBAC
- Change permission combination policy
- Configuring Application Resource and Resource Sensitivity Constraints
