Skip to main content

View and Manage Roles

Roles comprise a set of permissions that determine access to different resources within your organization. Assign roles to users on a specific level in the resource hierarchy to grant them access to projects, organizations and product assets under a given node. Create custom roles to facilitate resource access scenarios required by your organization.

The Roles Page

The Roles page provides an overview of roles assignments for a selected organization or a project. It's mainly used by IAM Admin users to assign users to roles and manage custom roles. On the Roles page, you can

  • View details about the role
  • View the users assigned to a role
  • Assign a user to a role
  • Remove a user from a role

To access the Roles page:

  1. Sign in to the Identity & Access Management portal as an IAM Admin user.

  2. Click Roles.

You will see a list of roles and the number of users assigned to that role.

Viewing Role Details

To access the Role Details page:

  1. Sign in to the Identity & Access Management portal as an IAM Admin user.

  2. Click Roles.

  3. Locate the desired role and click its name, or use the options menu, and select View Role Details.

You will be able to view the permissions that have been assigned to the role.

Assigning Users to Roles

You can use the Roles page to manage role assignment to control user access to assets. Role assignments can also be managed on a per user basis.

To assign users to roles:

  1. Sign in to the Identity & Access Management portal as an IAM Admin user.

  2. Click Roles.

  3. Select an Organization or a Project. Click the Context Switcher drop-down menu, select an organization or a project, then click Go.

  4. Locate the desired role and click its name, or use the options menu, and select Assign User to Role.

  5. Select the user from the drop-down list. Click Assign.

    You can click on +Add Another User to add more than one user to the selected role.

Viewing User Assignment to a Role

View the users that have been assigned to this Role.

  1. Sign in to the Identity & Access Management portal as an IAM Admin user.

  2. Click Roles.

  3. Select an Organization or a Project. Click the Context Switcher drop-down menu, select an organization or a project, then click Go.

  4. Locate the desired role and click its name, or use the options menu, and select View Assigned Users.

Removing Users from Roles

You can use the Roles page to remove users from a role. Role assignments can also be managed on a per user basis.

  1. Sign in to the Identity & Access Management portal as an IAM Admin user.

  2. Click Roles.

  3. Select an Organization or a Project. Click the Context Switcher drop-down menu, select an organization or a project, then click Go.

  4. Locate the role to remove user from and from the options menu, select Remove User from Role.

  5. Select the user(s) to remove from the role.

  6. Click Next.

  7. Confirm your selection and click Remove.

note

You cannot remove a user from a role if the role is inherited.

tip

If you do not see Remove User from Role from the options when hovering over , that means that all users have inherited this role. You cannot remove users from a role if it is inherited.

warning

If your selection contains both users who have inherited roles and users with non-inherited roles, the system will display an error and disallow you from proceeding. You should check which users have inherited roles and un-select them in order to proceed with the removal.