Managing Roles

Security Requirements and Controls

All roles available and the permissions granted via the roles are displayed in the User Interface in the Roles page.

Depending on the system level permission you've chosen, you can assign different permissions for any new role you create. For example, you can create an Organization management role type and name it, say, "Operations", to which grant permissions such as the capability to view all internal notifications, or to manage other users.

While LogScale comes with a predefined set of roles — Admin, Member and Deleter — they may be customized to your specific needs. Keep in mind that it's generally a good idea to grant as few permissions as possible and to add more as needed.

Note

You need to be an Organization Owner on Cloud or a root user on on-premise installations to have access to the Roles page and assign roles to users. Or you need to have the Change user access permission:

Change User Access

Figure 74. Change User Access


See the full list of available permissions along with descriptions of their usage at Repository & View Permissions.

To add new roles or customizing existing roles:

  1. Click on your profile avatar in the upper right corner and select Organization SettingsRoles on the left.

    Roles

    Figure 75. Roles


  2. Click + Add, enter a name for your new role such as "Operations" and select a Role type e.g. Organization management.

    Adding Roles

    Figure 76. Adding Roles


  3. Set the permissions for the new role. For example, if you wish to create a strictly read-only role, select the Data access checkbox and nothing else, then click Create role:

    Assigning Permissions to Roles

    Figure 77. Assigning Permissions to Roles


    The new role can now be assigned to groups via the Groups page of the User Interface, where you are prompted to configure the permission levels for a group — see Figure 68, “Assigning Permissions”.

  4. To customize an existing role and change its permissions, or to remove it, select the role and click Edit role or Delete role:

    Customizing Roles

    Figure 78. Customizing or Removing Roles


Aggregate Permissions

When you've defined more than one role under a Repository and View, Organization or Cluster, you can get a combined view of the available permissions for all roles — all permissions in a specific repository, for example. This gives you an overview if you want to know exactly which permissions you have.

  1. Click on your profile avatar in the upper right corner and select Organization SettingsUsers on the left.

  2. Select one of the users that have multiple roles assigned and click on your repository.

  3. Click the Show aggregate permissions button: the list of aggregated permissions will be displayed on the right.

    Aggregate permissions

    Figure 79. Aggregate permissions


You can always select a single role instead to get only the permissions for that role.