Configure custom roles
In some cases, the built-in ADCM roles functionality is not enough to grant the users sufficiently granular access. In this case, you can create a new role with appropriate permissions.
The process of creating a new role is described on the Creating roles page.
Example
Let’s assume that we need a role that only allows to run any check action on a cluster. In order to create it, we have to include the Cluster Action: Check
and Service Action: Check
permissions. We create a new role with those permissions included and name it Cluster action check
.
We create a new policy (Action check
) to implement the Cluster action check
role. We select the user
user to be affected by this policy.
We select the Hive
service and the ADH
cluster for the Action check
policy.
After the Action check
policy is created, the user
is able to run check actions for the ADH
cluster and the Hive
service.
If we didn’t include the Service Action: Check
permission into the Cluster action check
role, we wouldn’t be able to select any service when creating the Action check
policy. The objects available to select when creating a new policy depend on the permissions included in the role a new policy is based on.