Chapter 16. Verifying access to the subscriptions service
User access to cloud.redhat.com services, including the subscriptions service, is controlled through a role-based access control (RBAC) system. User management capabilities for this RBAC system are granted to the organization administrators (org admins) for an organization, as configured through access.redhat.com. Org admins then manage the cloud.redhat.com RBAC groups, roles, and permissions for the other members in the organization. This management can include the assignment of the User Access administrator role to additional members in the organization. The org admins and user access administrators can manage user access by using the Settings > User access option at cloud.redhat.com.
The predefined role Subscriptions user controls the ability to activate and access the subscriptions service. By default, every user in the organization has this role. However, if your org admin has made changes to user access roles and groups, you might not be able to access the subscriptions service.
Beginning in September 2021, the RBAC roles for the subscriptions service are changed. The former Subscription Watch administrator role is renamed to the Subscriptions administrator role. This role contains every available permission for the subscriptions service. The Subscriptions user role, a new role with a subset of the permissions in the Subscriptions administrator role, now exists for users in the organization who do not require all the permissions for the subscriptions service. An example of this type of user is one who only needs to view report data.
After this change to the subscriptions service user access roles, then by default all users for organizations that activate the service and new users for organizations that currently use the service will be assigned the Subscriptions user role. However, the default behavior for role assignments is affected by how an organization is using RBAC groups to manage user access. If custom groups are in use instead of the Default access group, the org admin or another user with the User Access administrator RBAC role must manually update these groups to contain the new roles and manage any default assignment of them to the users in the organization.
- If you cannot activate or access the subscriptions service, contact your organization administrator. Your org admin can provide information about the status of the subscriptions service for your organization.
- For more information about cloud.redhat.com user access, see the User Access Configuration Guide for Role-Based Access Control.