Manage rights and roles

Manage rights and roles

What are roles?

Roles are a collection of rights that can be assigned either to groups or directly to users. The rights define the scope of functionality and data to which a user has access.

Create roles and rights

Go to the Roles screen in the Organisation section of the Administration screen. Click on "add role" in the top right corner to open the Role editor.

mceclip0.png

Figure 1: Role Editor

After you have entered a name and a description for the role, you can assign application-level rights (e.g. Admin, Audit Log) and resource-level rights to the role.

Rights builder

The section highlighted slightly in blue is the Rights builder which can be used to create rights for streams (e.g., read & write) and features (e.g., "change codec").
By clicking on "Add right" you add a so created right to the role. You can assign multiple rights to a role.

Don't forget to click "save" in the upper right corner to finish.
 

mceclip0.png

Figure 2: Role Details and Rights Builder

It is not possible to directly assign rights to the user. You always must create a role for that.
 
Log out for changes to take effect
Changes to a role or right come into effect after the corresponding user has logged out or the session has expired.


    • Related Articles

    • Rights evaluation

      You can assign multiple roles with multiple rights to a user. The following rules apply to evaluate the rights in effect: First Rule: Specific right before less specific right. Second Rule: Allow before deny. Rule 1 example: Right1: Deny      ...

    • Groups and users

      What are users? Users can be created by admins and assigned to groups. Roles can be assigned to users either through groups or by direct attachment. Create users To create users go to the Users page in the Organisation section of the Administration ...

    • Consumer Right Management

      Troubleshooting consumer groups is an important task in Apache Kafka environments. This includes identifying slow consumers, skipping a so-called "poison pill", a record that always crashes the consumer and prevents it from progressing, as well as ...

    • Advanced: LDAP Module for nested groups

      Note: the basic LDAP module is sufficient in most cases. Use only this module if the basic LDAP module does not return all groups (especially nested groups). This module was created to work around the issue where the memberOf property doesn’t return ...

    • ACL Rights Management

      The rights to manage or view ACLs can be configured flexibly: from basic rights that cover all ACLs to resource-specific rights with specifications on the naming scheme. The latter allows teams to independently manage resources within their working ...