Difference between revisions of "Role Create"

From OSNEXUS Online Documentation Site
Line 1: Line 1:
[[File:Role Create.jpg|300px|thumb|Create custom roles which define User Permissions.]]
+
[[File:Create Role 5.jpg|300px|thumb|Create custom roles which define User Permissions.]]
  
 
Roles are represented as a collection of operations on object types at a specific scoping level.  The scope limits how the operation can be used.  For example, at the scope of 'system' then the permission assignment applies to all objects of that type in the system.  For example, if you have 'Storage Volume' + 'Delete' as the operation and the scope is 'System' then you can delete any storage volume in the system or grid.  But, if the scope is reduced to 'group/cloud' then you can only delete the ''storage volumes'' in your assigned ''storage cloud''.  To further restrict the role you can assign just the 'user' level scope which only allows the use to execute the given operation on resources of that type that they own / have created.  Going back to the example of deleting a ''storage volume'', you would want the scope to be 'user' if you only want users with the role to be able to delete their own storage volumes and not those of other users.
 
Roles are represented as a collection of operations on object types at a specific scoping level.  The scope limits how the operation can be used.  For example, at the scope of 'system' then the permission assignment applies to all objects of that type in the system.  For example, if you have 'Storage Volume' + 'Delete' as the operation and the scope is 'System' then you can delete any storage volume in the system or grid.  But, if the scope is reduced to 'group/cloud' then you can only delete the ''storage volumes'' in your assigned ''storage cloud''.  To further restrict the role you can assign just the 'user' level scope which only allows the use to execute the given operation on resources of that type that they own / have created.  Going back to the example of deleting a ''storage volume'', you would want the scope to be 'user' if you only want users with the role to be able to delete their own storage volumes and not those of other users.

Revision as of 00:07, 20 November 2020

Create custom roles which define User Permissions.

Roles are represented as a collection of operations on object types at a specific scoping level. The scope limits how the operation can be used. For example, at the 'system' scope the permission assignment applies to all objects of that type in the system. If you have 'Storage Volume' + 'Delete' as the operation and the scope is 'System', then you can delete any storage volume in the system or grid. But if the scope is reduced to 'group/cloud', then you can only delete the storage volumes in your assigned storage cloud. To further restrict the role you can assign just the 'user' level scope, which only allows the user to execute the given operation on resources of that type that they own / have created. Going back to the example of deleting a storage volume, you would want the scope to be 'user' if you only want users with the role to be able to delete their own storage volumes and not those of other users.
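
The scoping rules described above, written out as a small permission check. This is an added example, not QuantaStor code; the class, field and function names are hypothetical, and the sample users and volumes are constructed.

```python
# Added illustration of scoped role permissions; all names are hypothetical,
# not QuantaStor API identifiers.
from dataclasses import dataclass

# Scope levels from the page, widest to narrowest.
SYSTEM, GROUP, USER = "system", "group/cloud", "user"


@dataclass(frozen=True)
class Resource:
    object_type: str      # e.g. "Storage Volume"
    owner: str            # user who created the resource
    cloud: str            # storage cloud the resource belongs to


@dataclass(frozen=True)
class Principal:
    name: str
    clouds: frozenset     # storage clouds assigned to this user
    # Role: maps (object type, operation) -> scope granted for that pair.
    role: dict


def is_allowed(user: Principal, operation: str, res: Resource) -> bool:
    """Return True if the user's role permits `operation` on `res`."""
    scope = user.role.get((res.object_type, operation))
    if scope is None:
        return False                      # no grant at all: deny by default
    if scope == SYSTEM:
        return True                       # any object of that type
    if scope == GROUP:
        return res.cloud in user.clouds   # only within an assigned storage cloud
    if scope == USER:
        return res.owner == user.name     # only resources the user owns
    return False                          # unrecognized scope value: deny


# Constructed sample data: the same operation granted at three different scopes.
DELETE = ("Storage Volume", "Delete")
vol_a = Resource("Storage Volume", owner="alice", cloud="cloud1")
vol_b = Resource("Storage Volume", owner="bob", cloud="cloud1")
vol_c = Resource("Storage Volume", owner="carol", cloud="cloud2")

admin = Principal("root", frozenset(), {DELETE: SYSTEM})
bob = Principal("bob", frozenset({"cloud1"}), {DELETE: GROUP})
alice = Principal("alice", frozenset({"cloud1"}), {DELETE: USER})
```

With 'user' scope, alice can delete vol_a but not vol_b, even though both volumes sit in the same storage cloud.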


Navigation: Users & Groups --> Management Users --> User Groups --> Role --> Create (toolbar)

Return to the QuantaStor Web Admin Guide