Create a new Role
The Roles for a Project can be managed on the Roles page. For reference, here are the default Roles available:
Let's take a look at the list of the default roles:
| Roles | Description |
|---|---|
|
“CONNECT”, “READ”, “CREATE_SUBOBJECTS”, “UPDATE”, “DELETE” |
|
“CONNECT” |
|
"CONNECT”, “READ” |
|
“CONNECT”, “READ”, “CREATE_SUBOBJECTS” |
|
“CONNECT”, “READ”, “UPDATE”, “DELETE” |
|
“IMPERSONATE” |
|
“CONNECT”, “READ”, “CREATE_SUBOBJECTS”, “UPDATE”, “DELETE”, “MODIFY_PERMISSIONS”, “MODIFY_CREDENTIALS” |
|
“CONNECT”, “READ”, “CREATE_SUBOBJECTS”, “UPDATE”, “DELETE”, “MODIFY_PERMISSIONS”, “GRANTAUTH”, “MODIFY_CREDENTIALS” |
|
“CONNECT”, “READ” |
You can Create a new Role if none of the default roles meet your needs.
First Step is to create the Role
- In your project, goto Manage Project and select Roles in the left nav
- To Create a new Role click 'Create Role'
Second Step is to add Permissions to the Roles
- Under Roles, click on your newly created Role
- Select Permissions
List of Permissions:
| Permission | Description |
|---|---|
|
The principal can connect to a Permissioned. This permission supersedes all others. If not granted, the principal is not aware of the Permissioned and can perform no operations against it. |
|
The principal can read the Permissioned. |
|
The principal can create objects that are contained within the Permissioned. |
|
The principal can update the Permissioned. |
|
The principal can delete the Permissioned |
|
The principal can assign, revoke and modify permissions against the Permissioned. |
|
The principal can assign impersonating around another principal. This is solely used for Authentication Grants as a means of describing who can create new grants for a principal. |
|
The principal can modify the credentials for another principal. This is solely used to describe rights against Identities. |
|
The principal can impersonate a target principal. As such, when the principal is signed on, they can take on the authentication credentials of the target principal. |