
11.9.9. Creating Scoped Roles

Scoped Roles are user-defined roles that grant the permissions of one of the standard roles but only for one or more specified server groups or hosts. This topic shows how to create scoped roles.

Only users in the SuperUser or Administrator roles can perform this configuration.

Scoped Role configuration in the management console can be found by following these steps:
  1. Log in to the Management Console.
  2. Click the Administration tab.
  3. Expand the Access Control item on the left and select Role Assignment.
  4. Select the ROLES tab, and then the Scoped Roles tab within it.

Figure 11.7. Scoped Role Configuration in the Management Console

The Scoped Roles section of the Management Console consists of two main areas: a table listing the currently configured scoped roles, and the Selection panel, which displays the details of the role currently selected in the table.

The following procedures show how to perform configuration tasks for Scoped Roles.

Procedure 11.22. Add a New Scoped Role

  1. Log in to the Management Console.
  2. Navigate to the Scoped Roles area of the Roles tab.
  3. Click the Add button. The Add Scoped Role dialog appears.
    Figure 11.8. Add Scoped Role Dialog

  4. Specify the following details:
    • Name, the unique name for the new scoped role.
    • Base Role, the role which this role will base its permissions on.
    • Type, whether this role will be restricted to hosts or server groups.
    • Scope, the list of hosts or server groups that the role is restricted to. Multiple entries can be selected.
    • Include All, whether this role should automatically include all users. Defaults to no.
  5. Click the Save button. The dialog closes and the newly created role appears in the table.

Procedure 11.23. Edit a Scoped Role

  1. Log in to the Management Console.
  2. Navigate to the Scoped Roles area of the Roles tab.
  3. Click the scoped role you want to edit in the table. The details of that role appear in the Selection panel below the table.
    Figure 11.9. Role Selected

  4. Click the Edit link in the Selection panel. The Selection panel enters edit mode.
    Figure 11.10. Selection Panel in Edit Mode

  5. Update the details you need to change and click the Save button. The Selection panel returns to its previous state. Both the Selection panel and the table show the newly updated details.

Procedure 11.24. View Scoped Role Members

  1. Log in to the Management Console.
  2. Navigate to the Scoped Roles area of the Roles tab.
  3. In the table, click the scoped role whose members you want to view, then click the Members button. The Members of role dialog appears. It shows users and groups that are included or excluded from the role.
    Figure 11.11. Role Membership Dialog

  4. Click the Done button when you have finished reviewing this information.

Procedure 11.25. Delete a Scoped Role

Important

A Scoped Role cannot be deleted if users or groups are assigned to it. Remove the role assignments first, and then delete it.

  1. Log in to the Management Console.
  2. Navigate to the Scoped Roles area of the Roles tab.
  3. Select the scoped role to be removed in the table.
  4. Click the Remove button. The Remove Scoped Role dialog appears.
  5. Click the Confirm button. The dialog closes and the role is removed.
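
The fields from Procedure 11.22 and the deletion rule from Procedure 11.25 can also be reviewed outside the console. The following is an added example, not part of the original documentation: a Python script that lists every scoped role with its base role, type, scope, Include All setting and number of assignments. It assumes the scoped roles are persisted in the `<access-control>` section of the domain configuration file in the layout shown in the constructed sample; all role, user, host and server group names are made up.

```python
import xml.etree.ElementTree as ET

# Constructed sample of an <access-control> section (names are made up).
SAMPLE = """<access-control provider="rbac">
  <server-group-scoped-roles>
    <role name="main-deployer" base-role="Deployer"><server-group name="main-server-group"/></role>
    <role name="two-group-admin" base-role="Administrator">
      <server-group name="main-server-group"/>
      <server-group name="other-server-group"/>
    </role>
  </server-group-scoped-roles>
  <host-scoped-roles>
    <role name="master-monitor" base-role="Monitor"><host name="master"/></role>
  </host-scoped-roles>
  <role-mapping>
    <role name="main-deployer"><include><user name="alice"/></include></role>
    <role name="master-monitor" include-all="true"/>
  </role-mapping>
</access-control>"""

def local(tag):
    """Drop any XML namespace prefix so the domain schema version does not matter."""
    return tag.rsplit("}", 1)[-1]

def scoped_roles(xml_text):
    """Map each scoped role name to its base role, type, scope and assignments."""
    roles, mapping = {}, {}
    for el in ET.fromstring(xml_text).iter():
        kind = local(el.tag)
        if kind in ("server-group-scoped-roles", "host-scoped-roles"):
            for role in el:
                roles[role.get("name")] = {
                    "base": role.get("base-role"),
                    "type": "host" if kind.startswith("host") else "server-group",
                    "scope": sorted(s.get("name") for s in role),
                }
        elif kind == "role-mapping":
            for role in el:
                # <include>/<exclude> children hold the <user>/<group> entries.
                members = [m.get("name") for section in role for m in section]
                mapping[role.get("name")] = (role.get("include-all") == "true", len(members))
    for name, info in roles.items():
        # "assigned" > 0 means the role cannot be deleted until assignments are removed.
        info["include_all"], info["assigned"] = mapping.get(name, (False, 0))
    return roles

if __name__ == "__main__":
    for name, info in scoped_roles(SAMPLE).items():
        print(name, info)
```

Roles reported with `include_all` set to true, or with a broad base role spread over many scope entries, are the ones to check against least privilege.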