11.8. Configuring Role-Based Access Control

11.8.1. Overview of RBAC Configuration Tasks

When RBAC is enabled only users of the Administration or SuperUser role can view and make changes to the Access Control system.
The Management Console provides an interface for the following common RBAC tasks:
  • View and configure what roles are assigned to (or excluded from) each user
  • View and configure what roles are assigned to (or excluded from) each group
  • View group and user membership per role.
  • Configure default membership per role.
  • Create a scoped role
The CLI provides access to the complete access control system. This means that everything that can be done in the management console can be done there, but also a number of additional tasks can be performed with the CLI that cannot be done with the access control system.
The following additional tasks can be performed in the CLI:
  • Enable and disable RBAC
  • Change permission combination policy
  • Configuring Application Resource and Resource Sensitivity Constraints