Show Table of Contents
11.5. About Role Permissions
What each role is allowed to do is defined by what permissions it has. Not every role has every permission. Notably SuperUser has every permission and Monitor has the least.
Each permission can grant read and/or write access for a single category of resources.
The categories are: runtime state, server configuration, sensitive data, the audit log, and the access control system.
Table 11.1, “Role Permissions Matrix” summarizes the permissions of each role.
Table 11.1. Role Permissions Matrix
|
Monitor
|
Operator
|
Maintainer
|
Deployer
|
Auditor
|
Administrator
|
SuperUser
| |
|
Read Config and State
|
X
|
X
|
X
|
X
|
X
|
X
|
X
|
|
Read Sensitive Data [2]
|
X
|
X
|
X
| ||||
|
Modify Sensitive Data [2]
|
X
|
X
| |||||
|
Read/Modify Audit Log
|
X
|
X
| |||||
|
Modify Runtime State
|
X
|
X
|
X[1]
|
X
|
X
| ||
|
Modify Persistent Config
|
X
|
X[1]
|
X
|
X
| |||
|
Read/Modify Access Control
|
X
|
X
|
[1] permissions are restricted to application resources.
[2] What resources are considered to be "sensitive data" are configured using Sensitivity Constraints.
Where did the comment section go?
Red Hat's documentation publication system recently went through an upgrade to enable speedier, more mobile-friendly content. We decided to re-evaluate our commenting platform to ensure that it meets your expectations and serves as an optimal feedback mechanism. During this redesign, we invite your input on providing feedback on Red Hat documentation via the discussion platform.