Role Management
Overview
This guide walks you through assigning and revoking roles for users in projects on Wavestack.
Specifically, you will learn how to:
- Assign roles to a user
- Revoke roles from a user
Authorisation dashboard
On the dashboard click on the Authorizations tag to see an overview of all authorisations that are currently in place.
Default authorisation
If you open this for the first time, you will notice that Wavestack has already created a single default authorisation for you. This authorisation will let you access the default project with your initial user.
Add an authorisation
To add a new authorisation, click on the blue New button. This will open a wizard that allows you to grant roles to users in specific projects.
User selection
Select the users that you want to authorise from the list of users.
Project selection
Select the project in which you want to grant roles.
Click on the blue Continue button to get to the next page.
Role selection
You can grant different roles to users in your projects, which allows for a more fine-grained control over their permissions.
You can select from the following roles:
| Role | Service | Permissions |
|---|---|---|
| ga-admin | WKE | create, read, update and delete |
| ga-viewer | WKE | read |
| os-creator | Barbican | create, read, update and delete |
| os-heat_stack_owner | Heat | create, read, update and delete |
| os-load-balancer_member | Octavia | create, read, update and delete |
| os-member | OpenStack (all) | create, read, update and delete |
| os-reader | OpenStack (all) | read |
Finish creation
Once you are happy with your selection, click the blue Save button.
You will then return to the overview of all authorisations, where you will see your newly created authorisation.
