
Chapter 3. Managing Users and Access Controls
Access controls are implemented per organization through roles, which define which users can access which elements of the organization.
3.1. About Users, Roles, and Access Controls
Security establishes precise relationships between users, resources, and the tasks users can perform. Interactions between users and resources are ordered by including or excluding those users and resources (through groups) in defined roles, and then granting the role the ability to perform tasks.
When a user is allowed to perform a certain operation, that is called a permission.
Users are granted permissions (such as read, edit, create, and delete) to elements within a specific organization. These permissions must be explicitly granted; by default, all actions are implicitly denied to users.
Permissions are granted to users through roles. A role defines three elements:
- The organization or organizations to which it applies
- The users who belong to the role
- The permissions which those users have within the organization

Figure 3.1. Users, Organizations, and Permissions in a Role
A single role can be associated with multiple organizations, but the permissions are set on each organization individually. So, configure all the permissions for one organization, then select another organization and configure all of the permissions for that one.
The permissions within Subscription Asset Manager are highly specific. The permissions themselves define both an action and the target to which that action is permitted. For example, one permission is register systems. That defines both the action (register) and the target (systems within the organization). Registering other objects is a separate permission, as is performing other tasks on systems.
Table 3.1, “Subscription Asset Manager Components and Allowed Permissions” lists the available permissions. The number of permissions allows substantial flexibility in creating roles that meet business needs and in providing adequate controls on access. The specificity of the permissions makes defining access controls easier, since the action and target are always clear.
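The following added example is not Subscription Asset Manager code; it is a small model of the rules described above (implicit deny, permissions as action plus target, and per-organization grants within one role) that can be used to reason about or review role definitions. The class, function, user, role, and organization names are hypothetical, and the sample data is constructed.

```python
from dataclasses import dataclass, field
from typing import Dict, Iterable, Set, Tuple

# Hypothetical model for illustration; not the product's API or data format.
Permission = Tuple[str, str]  # (action, target), e.g. ("register", "systems")

@dataclass
class Role:
    name: str
    users: Set[str]
    # Permissions are configured separately for each organization the role covers.
    grants: Dict[str, Set[Permission]] = field(default_factory=dict)

def is_allowed(roles: Iterable[Role], user: str, org: str,
               action: str, target: str) -> bool:
    """Implicit deny: allow only if a role that contains the user
    explicitly grants (action, target) in this specific organization."""
    return any(
        user in role.users and (action, target) in role.grants.get(org, set())
        for role in roles
    )

def effective_permissions(roles: Iterable[Role], user: str) -> Dict[str, Set[Permission]]:
    """Union of the user's grants, kept separate per organization (for access reviews)."""
    result: Dict[str, Set[Permission]] = {}
    for role in roles:
        if user in role.users:
            for org, perms in role.grants.items():
                result.setdefault(org, set()).update(perms)
    return result

# Constructed sample data: one role spans two organizations with different grants.
ROLES = [
    Role("sys-registrars", {"alice", "bob"}, {
        "org-a": {("register", "systems"), ("read", "systems")},
        "org-b": {("read", "systems")},
    }),
    Role("key-admins", {"alice"}, {
        "org-a": {("create", "activation_keys")},
    }),
]

if __name__ == "__main__":
    for org, perms in sorted(effective_permissions(ROLES, "alice").items()):
        print(org, sorted(perms))
```

Membership in a role that covers two organizations does not carry a grant from one organization to the other, and a grant for one action on a target does not imply any other action on that target.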
Table 3.1. Subscription Asset Manager Components and Allowed Permissions
| Component | Possible Permissions |
|---|---|
| Organization: Organization Entries | |
| Organization: Distributor Entries | |
| Organization: System Entries | |
| Activation Keys | |
| System Groups | |
| Providers | |
