Creating and Managing Roles

A role is a personality that a user assumes to perform a specific set of operations. A role includes a set of rights and privileges. A user assumes that role inherits those rights and privileges. In the Liberty version, a user is assigned the role of Admin or Member; roles are not available in previous versions of Metacloud.

Note

Metacloud Identity service defines a user’s role on a project, but it is completely up to the individual service to define what that role means. This is referred to as the service’s policy. To get details about what the privileges for each role are, refer to the policy.json file available for each service in the /etc/SERVICE/policy.json file. For example, the policy defined for Metacloud Identity service is defined in the /etc/keystone/policy.json file.

Creating a Role

  1. Log in to the dashboard and select the admin project from the drop-down list.
  2. Open the Domains tab and select the domain you want to add roles to.

    Domains Tab

  3. Click Set Domain Context and select Edit from the drop-down list.
  4. In the Edit Domain window, click Domain Members.
  5. Click the + to add a domain member and assign them a role of Admin or Member.
  6. Click Save to confirm your selection.

Editing a Role

  1. Log in to the dashboard and select the admin project from the drop-down list.
  2. Open the Domains tab and select the domain you want to edit roles in.
  3. Click Set Domain Context and select Edit from the drop-down list.
  4. In the Edit Domain window, click Domain Members.
  5. Click checkbox to add or remove a domain member from their assigned role of Admin or Member.
  6. Click Save to confirm your selection.

Note

Using the dashboard, you can edit only the name assigned to a role.

Deleting a Role

  1. Log in to the dashboard and select the admin project from the drop-down list.
  2. Open the Domains tab and select the domain you want to delete roles from.
  3. Click Set Domain Context and select Edit from the drop-down list.
  4. In the Edit Domain window, click Domain Members.
  5. Click the - to remove a domain member from their assigned role.
  6. Click Save to confirm your deletion.

    You cannot undo this action.