Configure custom roles

Contents

In some cases, the built-in ADCM roles functionality is not enough to grant the users sufficiently granular access. In this case, you can create a new role with appropriate permissions.

The process of creating a new role is described on the Creating roles page.

Example

Let’s assume that we need a role that only allows to run any check action on a cluster. In order to create it, we have to include the Cluster Action: Check and Service Action: Check permissions. We create a new role with those permissions included and name it Cluster action check.

The Cluster action check role
The Cluster action check role

We create a new policy (Action check) to implement the Cluster action check role. We select the user user to be affected by this policy.

The first step of creating the Action check policy
The first step of creating the Action check policy

We select the Hive service and the ADH cluster for the Action check policy.

The second step of creating the Action check policy
The second step of creating the Action check policy

After the Action check policy is created, the user is able to run check actions for the ADH cluster and the Hive service.

If we didn’t include the Service Action: Check permission into the Cluster action check role, we wouldn’t be able to select any service when creating the Action check policy. The objects available to select when creating a new policy depend on the permissions included in the role a new policy is based on.

Found a mistake? Seleсt text and press Ctrl+Enter to report it