Roles

1. Introduction

A Role is an access privilege that can be assigned to Users. In ZedControl, a role can be defined across activities such as Create, Monitor, Operate, and Remove (CRUD activities). The permissions are then applied to various objects such as Edge Node, Edge Applications, Users, and Enterprises.
 
The following illustration shows how a particular user may be linked with the objects and permissions.

1.1. Role-based permissions for users

In ZEDEDA, each user role has access to the projects in scope and the level of CRUD permissions across objects. The permissions are applied for each of the objects such as Edge Node, Edge Application, Users, and Enterprise. However, the creation and removal permissions for the Enterprise objects rests only with the ZEDEDA admin.
 
ZedControl operates with predefined roles and their capabilities as follows:
 
  • SysAdmin - Members of the system admin can perform CRUD activities for each of the objects (except create and remove enterprises). Only these Role users can create, operate or remove other users. The scope is across all projects in the enterprises.
  • SysManager - Members of the system manager can perform CRUD activities only for Edge Node and Edge Application objects for the projects in scope as permitted. A system manager can only monitor User permissions.
  • SysMonitor - Members of the system monitor can only monitor the projects in scope across the Edge Node, Edge Application, and Users objects.
  • SysOperator - System operator members can monitor and operate the projects in scope across the Edge Node and Edge Application objects. This role user can monitor the User object.
 
When the system admin creates new users, one of the predefined role templates has to be selected.
 
Note: You cannot create a custom permission set. You can only choose the project/s and permissions template to create a custom role.
 

1.2. Project scope

All roles are project-based. Roles can also be defined project-wise. For example, the system admin can only give access to a particular project for a particular user. Then, in that case, the user cannot access other projects under the Enterprise.
 
The following diagram shows the details of Project-based access (one or more than one).
 
 

1.3. List View

After you log in to ZedControl:
  • Step 1 > Click on the Administration (Administration_icon.png) icon.
  • Step 2 > Click on 'Roles'.
 
ZEDCC_I_AM_Roles_Screen_01.png
 

1.4. Detail View

  • Step 1 > Click on any of the Roles in the list view to show the detailed view of the same.
 

ZEDCC_I_AM_Roles_Screen_02.png

 
  • Step 2 > A temporary tab (tem_roles.png) is created, navigating you to the detailed view of the selected Role.
 
ZEDCC_I_AM_Roles_Screen_03.png
 
The detail view has tertiary navigation with the Basic info tab.
 

2. Operations Using ZedUI

The following are the Role operations:
 

2.1. Create

The create operation can be performed in the Roles list view only. After you log in to ZedControl, create a custom role using the following steps:
  • Step 1 > Click on the Add (Add_icon.png) icon
 
ZEDCC_I_AM_Roles_Screen_04.png
 
  • Step 2 > Populate the input field values such as 'Name', 'Title', and 'Description'.
  • Step 3 > Select the 'Projects' to which this particular role has to be given access, along with the 'Permissions Template.'
  • Step 4 > Click on the 'Add' button.
 
ZEDCC_I_AM_Roles_Screen_05.png
 
  • Step 5 > When you click on the 'Add' button, a toast message appears as shown below:
Role has been added.
  • Step 6 > You can see the new Role by name is 'test' is added in the Roles list Role.
 
ZEDCC_I_AM_Roles_Screen_06.png
 
The Role is created successfully!
 

2.2. Read

The read operation can be performed in the Roles detail view only. After you log in to ZedControl, click on Administration (Administration_icon.png) icon and select 'Roles' to go to the already available roles list. Click on any of the Roles in the list view to show the detailed view of the same.
 
The read view shows only the 'Basic Info' section.
 

Basic Info

 
ZEDCC_I_AM_Roles_Screen_07.png
 
a) shows the details when the Role is created.
 
Note: The default Roles which are present cannot be Edited or Updated.
 

2.3. Update (Edit)

The read operation can be performed in the Roles detail view only. After you log in to ZedControl, click on Administration (Administration_icon.png) icon and select 'Roles' to go to the already available roles list. Click on any of the Roles in the list view to show the detailed view of the same.

Basic Info

Update/edit a custom role using the following steps:
  • Step 1 > Click on Edit (Edit_icon.png) icon.

ZEDCC_I_AM_Roles_Screen_08.png

 
The 'Basic Info' section allows you to update/edit most fields. Refer to the tables under the create operation for information on the editable field values and their descriptions.
  • Step 2 > Update the editable fields.
  • Step 3 > Update the Project scope and Permissions Template as needed.
  • Step 4 > Click on the 'Submit' button.
 
ZEDCC_I_AM_Roles_Screen_09.png
 
  • Step 5 > When you click on the 'Submit' button, a toast message announcing the successful submission appears below:
Role: test has been updated.
 
ZEDCC_I_AM_Roles_Screen_10.png
 
The custom Role is updated successfully!
 

2.4. Delete

The delete operation can be performed in the Roles list and detail view. After you log in to ZedControl, if you no longer require the custom role, you could delete it using the following steps:
 
Note: You can perform the delete operation on either the ListView or Detail View screen. For simplicity, we will follow the deletion of multiple custom roles workflow, which you can carry out from the list view.
 
  • Step 1 > Click on the custom role list check boxes on which the required operation needs to be performed.
  • Step 2 > Click on More (More_icon.png) icon on the top right corner.
  • Step 3 > From the dropdown, select 'Delete'.
 
ZEDCC_I_AM_Roles_Screen_11.png
 
  • Step 4 > Click the 'Confirm' button on the modal dialogue, which appears as below:
Deleting these 1 Role(s) will permanently remove the data about these role(s) from management platform.
Note: There is no way to reclaim the data, after the delete operation is performed.
 
ZEDCC_I_AM_Roles_Screen_12.png
 
  • Step 5 > When you click on the 'Confirm' button, a toast message announcing the successful submission of the deleted Role appears.
Role has been removed.
 
ZEDCC_I_AM_Roles_Screen_13.png
 
The selected custom Role is deleted successfully!
 

3. Operations Using zCLI

To log in to ZedControl through zCLI, see here.
 

3.1. Create

You can create a Role using the following command:
zcli> zcli role create <name> --access-right=<object-access>... [--title=<title>] [--description=<description>]
 

3.2. Read (Show)

You can use the following command to see the created Role details:
zcli> zcli role show [[[<name> |--self | --uuid=<uuid>] [--detail]] | [[--project=<project>] [--name-pattern=<name-pattern>]]]
 
For example, the show command for Role displays the following output:
 
zcli> zcli role show
Role E-Scope P-Scope EdgeNodeAccess Apps Access User Access EntrpriseAccess
------------ -------- -------- -------------- ------------ ------------ ----------------
SysMonitor local All R R R
SysOperator local All RU RU R
SysAdmin local All CRUD CRUD CRUD RU
SysManager local All CRUD CRUD R
Total 4
zcli>
 

3.3. Update (Edit)

You can update a Role using the following command:
zcli> zcli role update <name> [--access-right=<object-access>...] [--title=<title>] [--description=<description>]
 

3.4. Delete

You can delete a Role using the following command:
zcli> zcli role delete <name> [-f]
 
Note: -f is to forcefully make the delete request to the ZedControl, without prompting the user.
 
Role operations are successfully executed!
Was this article helpful?
0 out of 0 found this helpful

Articles in this section