Roles and RBAC (Role Based Access Control)

Roles are a fundamental aspect of user access control in Cloud Orbiter. A role defines a set of permissions that determine what actions a user can perform on specific resources within a project. With role management, you choose from the pre-defined roles provided in Cloud Orbiter and assign granular permissions to users and groups within your organization. By using roles, you can ensure that users have access only to the resources they need to perform their jobs and nothing more, reducing the risk of unauthorized access or security breaches.

Cloud Orbiter provides a set of pre-configured roles allowing granular control over access permissions to resources. Currently, we offer three roles: Admin, Project Admin, and Default User.

Tenant Admin

The Tenant Admin is the highest privileged role within a tenant. With this role, a user can configure everything within the assigned tenant, including user management, group management, identity provider configurations, roles, applications, and notifications.

Project Admin

The Project Admin role has permission for all operations on all resources within a project, including managing users, assigning other Project Admins, creating, updating, and deleting clusters, deploying applications, and managing instances.

Default User

The Default User is the role associated with any user created via Cloud Orbiter. This role has permission to perform operations like creating new clusters, listing clusters (read-only information on project clusters), accessing application repositories and apps, viewing all clusters, viewing test suites, listing backup and recovery, and listing all hosts and groups.

Note that additional roles cannot be created at this time, but we anticipate expanding this functionality to include more fine-grained RBAC capabilities in the future.

Procedure to check the role assigned to a user or group
  1. Go to Setting in Cloud Orbiter.
  2. Click on the Roles menu.
  3. Click the name tab to list the user's details: the user groups they are assigned to and the roles they hold.
  4. Once a user is created, they will be able to log in to the portal using their credentials.

RBAC (Role Based Access Control)

RBAC in Cloud Orbiter is a mechanism that enables an admin to create users and roles and grant full access to Cloud Orbiter features. Anything an administrator does under User Management is possible because of their admin role. A user who is not an admin can only create onboarding requests.

The admin can approve or reject any form a user submits to perform a task or access Cloud Orbiter features, whereas the tenant or user role is limited to filling out forms or making onboarding requests.