Creating a Role

Describes how to create a user-defined role.

Prerequisites

The following prerequisites must be satisfied before you can create a user-defined role.

  • You must be a fabric manager to create a user-defined role.
  • Single sign-on (SSO) must be enabled for Data Fabric.

About this task

By default, Data Fabric has pre-defined roles that can be assigned to SSO users and SSO groups in Data Fabric.

If you need a user-defined set of permissions to apply to SSO users or SSO groups, you can configure user-defined roles and associate such roles with the required set of users.

A user-defined role can be attached to one or more SSO users and/or groups.

NOTE
Although you can create a role without associating IAM policies and users/groups with it, it is a best practice to create the related users/groups and IAM policies before you create the role.

A user-defined role must have a unique name.

User-defined roles are shared across all fabrics in a global namespace.

NOTE
User-defined roles that are created using the Data Fabric UI are not visible on the Keycloak console.

Follow the steps given below to create a new role.

Procedure

  1. Log on to the Data Fabric UI.
  2. Select Fabric Manager for the fabric manager view.
  3. Click the Security Administration tab.
  4. On the Roles card, click Create New Role. Alternatively, click View All on the Roles card and then click Create new role.
  5. Enter the Name and Description for the role.
  6. Click Add user and group, and then click Add+, which appears above User or Group.
  7. Search for and select one or more users, and then click Add to add all selected users. Repeat these steps for groups, if you are adding groups.
  8. Click Assign Policy. Search for and select one or more IAM policies to associate with the role.
  9. Click Apply.

Results

The new role is created and is visible on the Roles card.