11.9.8. Configuring Role-Based Access Control

11.9.8.1. Overview of RBAC Configuration Tasks

When RBAC is enabled only users of the Administration or SuperUser role can view and make changes to the Access Control system.
The management console provides an interface for the following common RBAC tasks:
  • View and configure what roles are assigned to (or excluded from) each user
  • View and configure what roles are assigned to (or excluded from) each group
  • View group and user membership per role.
  • Configure default membership per role.
  • Create a scoped role
The management CLI provides access to the complete access control system. This means that everything that can be done in the management console can be done there, but a number of additional tasks can be performed with the management CLI that cannot be done with the management console.
The following additional tasks can be performed in the CLI:
  • Enable and disable RBAC
  • Change permission combination policy
  • Configuring Application Resource and Resource Sensitivity Constraints