Chapter 4. Predefined User Access roles
The following table lists the predefined roles provided with User Access. Some of the predefined roles are included in the Default access group, which includes all authenticated users in your organization.
Only the Organization Administrator users in your organization inherit the roles in the Default admin access group. Because this group is provided by Red Hat, it is updated automatically when Red Hat assigns roles to the Default admin access group.
For more information about viewing predefined roles, see Chapter 2, Procedures for configuring User Access.
- NOTE
- Predefined roles are updated and modified by Red Hat and cannot be modified. The table might not contain all currently available predefined roles.
Table 4.1. Predefined roles provided with User Access
| Role name | Description | Default access group | Default admin access group |
|---|---|---|---|
| Approval Administrator | An approval administrator role that grants permissions to manage workflows, requests, actions, and templates. | ||
| Approval User | An approval user role which grants permissions to create/read/cancel a request, and read workflows. | X | |
| Approval Approver | An approval approver role that grants permissions to read and approve requests. | ||
| Automation Analytics Administrator | An Automation Analytics Administrator role that grants ALL permissions. | ||
| Automation Analytics Editor | An Automation Analytics Editor role that grants read-write permissions. | X | |
| Automation Analytics Viewer | An Automation Analytics Viewer role that grants read permissions. | ||
| Automation Services Catalog administrator | A catalog administrator roles grants create,read,update, delete and order permissions | ||
| Automation Services Catalog user | A catalog user roles grants read and order permissions | X | |
| Compliance administrator | A Compliance role that grants full access to any Compliance resource. | X | |
| Compliance viewer | A Compliance role that grants read access to any Compliance resource. | X | |
| RHC administrator | Perform any operations on RHC manager | X | |
| RHC viewer | Can view the current configurations on RHC manager | X | |
| Repositories administrator | Perform any available operation against any repositories resource. | X | |
| Repositories viewer | Perform read only operations against repositories resources. | X | |
| Cost Administrator | A cost management administrator role that grants read and write permissions. | X | |
| Cost Price List Administrator | A cost management role that grants read and write permissions on cost models. | ||
| Cost Price List Viewer | A cost management role that grants read permissions on cost models. | ||
| Cost Cloud Viewer | A cost management role that grants read permissions on cost reports related to cloud sources. | ||
| Cost OpenShift Viewer | A cost management role that grants read permissions on cost reports related to Red Hat OpenShift sources. | ||
| Drift analysis administrator | Perform any available operation against any Drift Analysis resource. | X | |
| Drift viewer | Perform read only operation against Drift Analysis resources. | X | |
| RHEL Advisor administrator | Perform any available operation against any RHEL Advisor resource. | X | |
| Inventory administrator | Perform any available operation against any Inventory resource. | ||
| Inventory Hosts Administrator | Be able to read and edit Inventory Hosts data. | X | X |
| Inventory Hosts Viewer | Be able to read Inventory Hosts data. | ||
| Inventory Groups Administrator | Be able to read and edit Inventory Groups data. | X | |
| Inventory Groups Viewer | Be able to read Inventory Groups data. | ||
| Malware detection administrator | Perform any available operation against any malware-detection resource. | X | |
| Malware detection viewer | Read any malware-detection resource. | ||
| Migration Analytics administrator | Perform any available operation against any Migration Analytics resource. | X | |
| Notifications administrator | Perform any available operation against Notifications and Integrations applications. | X | |
| Notifications viewer | Read only access to notifications and integrations applications. | ||
| OCM Cluster Editor | Grants permission to edit clusters | ||
| OCM Idp Editor | Grants permission to edit idps | ||
| OCM Machine Pool Editor | Grants permission to edit machine pools | ||
| OCM Cluster Provisioner | Grants permission to provision clusters | X | |
| OCM Cluster Viewer | Grants permission to view clusters | X | |
| OCM Organization Admin | Grants administrative permissions associated organization’s clusters | ||
| OCP Advisor administrator | Perform any available operation against any OCP Advisor resource. | X | |
| Patch administrator | Perform any available operation against any Patch resource. | X | |
| Patch viewer | Read any Patch resource. | X | |
| Policies administrator | Perform any available operation against any Policies resource. | X | |
| Policies viewer | Perform read only operation against any Policies resource. | X | |
| User Access administrator | Grants a non-org admin full access to configure and manage user access to services hosted on console.redhat.com. This role can only be viewed and assigned by Organization Administrators. | ||
| User Access principal viewer | Grants a non-org admin read access to principals within user access. | ||
| Remediations administrator | Perform any available operation against any Remediations resource | ||
| Remediations user | Perform create, view, update, delete operations against any Remediations resource. | X | |
| Resource Optimization administrator | Perform any available operation against any Resource Optimization resource. | X | |
| Resource Optimization user | A Resource Optimization user role that grants read only permission. | X | |
| Sources administrator | Perform any available operation against any Source | X | |
| Subscriptions administrator | Perform any available operation against any Subscriptions resource. | X | |
| Subscriptions user | View any Subscriptions resource. | X | |
| Tasks administrator | Perform any available operation against any Tasks resource. | X | |
| Vulnerability administrator | Perform any available operation against any Vulnerability resource. | X | |
| Vulnerability viewer | Read any Vulnerability resource. |