User Roles

About User Roles

An administrator can grant role-based permissions as listed in the Grant Permission to a Subtenant, User, or Group section below. The following screenshot shows the CloudCenter resources that can be granted role-based permissions (all resources are unchecked by default).

The following roles are preconfigured and available out-of-box:

  • Admin: All resource permissions, except for the Cloud and Cloud Account resources, are available for this role.

  • Ops: Only the Application Profile, Policy, and Deployment Environment resource permissions are available for this role.

Add New Role

To create a role to a user or group, follow this procedure:

  1. Access the CCM UI and click Admin > Roles. The User Roles page displays.

  2. Click Add New Role to add a new role to this list.

  3. Add a name and description for this role and provide the applicable permissions for this role.

  4. Select the required global permissions to allow this user access to the selected objects. You can also set more granular permissions at individual objects level. See Permission Control for additional context.

  5. Click Submit. The newly added group is visible in the User Roles page.

Grant Permission to a Subtenant, User, or Group

After creating a subtenant, user, or group, these resources can only use/manage resources that are shared (for example, shared clouds or application). To grant the required permissions to add applications, or clouds, or cloud accounts, or other permitted resources listed in Permission Control > Role-Based Permissions, you must explicitly grant permission to the specific subtenant (or user or group) as listed in the following procedure.

  1. Access the CCM UI and click Admin > Roles. The User Roles page displays.

  2. Review the current roles (if any).

    • If the required role is listed in this page, click the Edit icon. You can only edit the role if you are the owner.

    • If the required role is not listed, follow the procedure to Add a New Role.

  3. Scroll down to the Permissions section and enter the resource(s) that need to be associated with this role. See Permission Control > Role-Based Permissions for a complete list of permission details.

  4. Click Submit. The newly added association is saved for this user role.

Delete a Role

You can only delete a role if you are the role owner. 
To delete a role, follow this procedure.

  1. Access the CCM UI and click Admin > Roles. The User Roles page displays.

  2. Click the Delete icon corresponding to the role that you need to delete.

  3. Click OK in the confirmation popup.

© 2017-2019 Cisco Systems, Inc. All rights reserved