Creating a Role
Describes how to create a user-defined role.
Prerequisites
The following prerequisites must be satisfied before you can create a user-defined role.
- You must be a fabric manager to be able to create a user-defined role.
- Single sign-on must be enabled to Data Fabric.
About this task
By default, Data Fabric has pre-defined roles that can be assigned to SSO users and SSO groups in Data Fabric.
If you need a user-defined set of permissions to apply to SSO users or SSO groups, you can configure user-defined roles and associate such roles with the required set of users.
A user-defined role can be attached to one or more SSO users and/or groups.
NOTE
Although you can create a role without associating IAM policies and
users/groups with the role, it is a best practice to create related users/groups
and IAM policies, before you create a role.A user-defined role must have a unique name.
User-defined roles are shared across all fabrics in a global namespace.
NOTE
User-defined roles that are created using the Data Fabric UI are not visible on the Keycloak
console.Follow the steps given below to create a new role.
Procedure
- Log on to the Data Fabric UI.
- Select Fabric Manager for the fabric manager view.
- Click the Security Administration tab.
- On the Roles card, click Create New Role. Alternatively, click View All on the Roles card and then click Create new role.
- Enter the Name and Description for the role.
- Click Add user and group and then click Add+ seen above User or Group.
- Search and select one or more users and then click Add to add all selected users. Repeat in a similar way for groups, if you are adding groups.
- Click Assign Policy. Search and select one or more IAM policies that the role is to be tagged with or associated with.
- Click Apply.