Chapter 3. Management of roles on the Ceph dashboard

As a storage administrator, you can create, edit, clone, and delete roles on the dashboard.

By default, there are eight system roles. You can create custom roles and give permissions to those roles. These roles can be assigned to users based on the requirements.

3.1. User roles and permissions on the Ceph dashboard

User accounts are associated with a set of roles that define the specific dashboard functionality which can be accessed.

The Red Hat Ceph Storage dashboard functionality, or modules, is grouped into security scopes. Security scopes are predefined and static. The currently available security scopes on the Red Hat Ceph Storage dashboard are:

  • cephfs: Includes all features related to CephFS management.
  • config-opt: Includes all features related to management of Ceph configuration options.
  • dashboard-settings: Allows editing of the dashboard settings.
  • grafana: Includes all features related to Grafana proxy.
  • hosts: Includes all features related to the Hosts menu entry.
  • iscsi: Includes all features related to iSCSI management.
  • log: Includes all features related to Ceph logs management.
  • manager: Includes all features related to Ceph manager management.
  • monitor: Includes all features related to Ceph monitor management.
  • nfs-ganesha: Includes all features related to NFS-Ganesha management.
  • osd: Includes all features related to OSD management.
  • pool: Includes all features related to pool management.
  • prometheus: Includes all features related to Prometheus alert management.
  • rbd-image: Includes all features related to RBD image management.
  • rbd-mirroring: Includes all features related to RBD mirroring management.
  • rgw: Includes all features related to Ceph object gateway (RGW) management.

A role specifies a set of mappings between a security scope and a set of permissions. There are four types of permissions:

  • Read
  • Create
  • Update
  • Delete

The system roles are:

  • administrator: Allows full permissions for all security scopes.
  • block-manager: Allows full permissions for RBD-image, RBD-mirroring, and iSCSI scopes.
  • cephfs-manager: Allows full permissions for the Ceph file system scope.
  • cluster-manager: Allows full permissions for the hosts, OSDs, monitor, manager, and config-opt scopes.
  • ganesha-manager: Allows full permissions for the NFS-Ganesha scope.
  • pool-manager: Allows full permissions for the pool scope.
  • read-only: Allows read permission for all security scopes except the dashboard settings and config-opt scopes.
  • rgw-manager: Allows full permissions for the Ceph object gateway scope.

For example, to give users access to all Ceph object gateway operations, assign them the rgw-manager role.

3.2. Creating roles on the Ceph dashboard

You can create custom roles on the dashboard and assign them to users based on their roles.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Admin level of access to the Dashboard.

Procedure

  1. Log in to the Dashboard.
  2. Click the Dashboard Settings icon and then click User management.

  3. On the Roles tab, click Create.
  4. In the Create Role window, set the Name and Description, select the Permissions for this role, and then click the Create Role button.

    In this example, if you give the ganesha-manager and rgw-manager roles, then a user assigned these roles can manage all NFS-Ganesha gateway and Ceph object gateway operations.

  5. You get a notification that the role was created successfully.
  6. Click on the Expand/Collapse icon of the row to view the details and permissions given to the roles.

3.3. Editing roles on the Ceph dashboard

You can edit roles on the dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Admin level of access to the Dashboard.
  • A role is created on the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. Click the Dashboard Settings icon and then click User management.

  3. On the Roles tab, click the role you want to edit.
  4. In the Edit Role window, edit the parameters, and then click Edit Role.

  5. You get a notification that the role was updated successfully.

3.4. Cloning roles on the Ceph dashboard

When you want to assign additional permissions to existing roles, you can clone the system roles and edit them on the Red Hat Ceph Storage Dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Admin level of access to the dashboard.
  • Roles are created on the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. Click the Dashboard Settings icon and then click User management.

  3. On the Roles tab, click the role you want to clone.
  4. Select Clone from the Edit drop-down menu.
  5. In the Clone Role dialog box, enter the details for the role, and then click Clone Role.

  6. Once you clone the role, you can customize the permissions as per the requirements.
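
The role model from section 3.1 and the clone-then-customize step above, as an added example (not Red Hat's or the dashboard's own code): it encodes the scopes, permissions, and system roles listed in this chapter, computes the combined permissions of a user holding several roles, and reports what a customized clone grants beyond its source role. The `pool_operator` role and all function names are constructed for illustration.

```python
# Added example: models the scope/permission mapping described in this chapter.
SCOPES = {"cephfs", "config-opt", "dashboard-settings", "grafana", "hosts",
          "iscsi", "log", "manager", "monitor", "nfs-ganesha", "osd", "pool",
          "prometheus", "rbd-image", "rbd-mirroring", "rgw"}
FULL = frozenset({"read", "create", "update", "delete"})

def full(*scopes):
    """Full permissions (all four types) on each named scope."""
    return {s: set(FULL) for s in scopes}

# System roles as listed in section 3.1.
SYSTEM_ROLES = {
    "administrator": full(*SCOPES),
    "block-manager": full("rbd-image", "rbd-mirroring", "iscsi"),
    "cephfs-manager": full("cephfs"),
    "cluster-manager": full("hosts", "osd", "monitor", "manager", "config-opt"),
    "ganesha-manager": full("nfs-ganesha"),
    "pool-manager": full("pool"),
    "read-only": {s: {"read"}
                  for s in SCOPES - {"dashboard-settings", "config-opt"}},
    "rgw-manager": full("rgw"),
}

def validate(role):
    """Reject scopes or permissions that the chapter does not define."""
    for scope, perms in role.items():
        if scope not in SCOPES:
            raise ValueError(f"unknown security scope: {scope}")
        if not set(perms) <= FULL:
            raise ValueError(f"unknown permission in scope {scope}")

def effective(*roles):
    """Union of scope permissions across every role assigned to one user."""
    merged = {}
    for role in roles:
        validate(role)
        for scope, perms in role.items():
            merged.setdefault(scope, set()).update(perms)
    return merged

def added_by_clone(source, clone):
    """Permissions a customized clone grants beyond its source role."""
    validate(clone)
    extra = {s: set(p) - source.get(s, set()) for s, p in clone.items()}
    return {s: p for s, p in extra.items() if p}

# Constructed custom role: a clone of read-only with pool write access added.
pool_operator = {**{s: set(p) for s, p in SYSTEM_ROLES["read-only"].items()},
                 "pool": {"read", "create", "update"}}
```

Reviewing the output of `added_by_clone` before assigning a customized clone to users shows exactly which permissions were added on top of the system role.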

3.5. Deleting roles on the Ceph dashboard

You can delete the custom roles that you have created on the Red Hat Ceph Storage dashboard.

Note

You cannot delete the system roles of the Ceph Dashboard.

Prerequisites

  • A running Red Hat Ceph Storage cluster.
  • Dashboard is installed.
  • Admin level of access to the Dashboard.
  • A custom role is created on the dashboard.

Procedure

  1. Log in to the Dashboard.
  2. Click the Dashboard Settings icon and then click User management.

  3. On the Roles tab, click the role you want to delete.
  4. Select Delete from the Edit drop-down menu.
  5. In the Delete Role dialog box, click the Yes, I am sure box and then click Delete Role.

