Users can perform various operations based on the roles assigned to them. Secure Edge offers two default roles: Admin and Read Only. Admin users can add, edit, and delete configurations, while Read Only users can view them. Assign roles based on responsibilities, and create custom roles as needed for specific functions within network, organization, service, and user management.
Roles and associated user operations
The following table lists some of the operations associated with default and custom roles in the Secure Edge Portal.
Component | Admin | Read Only |
---|---|---|
Network | Add/delete network; view/edit network; connect/disconnect network | View network |
Node | Add/delete node; edit node; collect diagnostic data | View node details |
Org | Create child org; create users and roles | View org details |
Role | Add/view roles | View roles |
Service | Install services; delete services; view service logs | View service |
User | View/edit user; add/delete user | View list of all users |
Default roles and associated permissions
The following table lists the default roles and their associated permission names.
Default role | Permissions |
---|---|
Read Only | NODE:READ, NETWORK:READ, SERVICE:READ, ORG:READ, USER:READ, ROLE:READ |
Admin | NODE:ADMIN, NODE:READ, NODE:REBOOT, NETWORK:READ, NETWORK:ADMIN, NETWORK:CONNECT_DISCONNECT, NETWORK:DIAGNOSTIC, SERVICE:ADMIN, SERVICE:READ, ORG:ADMIN, ORG:READ, USER:ADMIN, USER:READ, ROLE:ADMIN, ROLE:READ, PKI:ADMIN, EVENT:DOWNLOAD, EVENT:VIEW, ACTIVITY:DOWNLOAD, ACTIVITY:VIEW |
Available permissions
The following table lists all available permissions. On the Roles page, in the Permissions field, you can hover over any permission name for a quick description of its access level(s).
Permission | Description |
---|---|
NODE:READ | Allows read access to all clusters, nodes, networks, services, service template, profiles (config template), techdump, ssh public keys, PKI, node and service statistics view, node upgrade history and container image under the respective namespace, node CLI, monitoring, and duplicate address detection (DAD). |
NODE:ADMIN | Allows administrator access to all nodes, networks, services, service template, profiles (config template), techdump, node upgrade history and container image, and node and service statistics view. Also allows read access to PKI under the respective namespace, cluster management, node CLI, monitoring, DAD, and representation network automation. |
NODE:REBOOT | Allows reboot and node service statistics view access to all nodes under the respective namespace. |
NETWORK:READ | Allows read access to all networks and vinet under the respective namespace. |
NETWORK:ADMIN | Allows administrator access to all networks and vinet under the respective namespace. |
NETWORK:CONNECT_DISCONNECT | Allows connect and disconnect access to all networks under the respective namespace. |
NETWORK:DIAGNOSTIC | Allows read access to all nodes’ techdump under the respective namespace. |
SERVICE:READ | Allows read access to all services and secrets under the respective namespace. |
SERVICE:ADMIN | Allows administrator access to all services and secrets under the respective namespace. |
ORG:READ | Allows read access to organization, user, role, ssh public keys, and permission(s). |
ORG:ADMIN | Allows access to the following functions: create a new organization, user, and role; create/update organization policy; reset two-factor authentication (2FA); initiate verify email; assign certificates to the organization under the respective namespace; manage public keys; manage SSH access on nodes; administrator access to the API key; access events at organization and node level; access notification channels. |
USER:READ | Allows read access to users’ roles under the respective namespace. |
USER:ADMIN | Allows administrator access to users and roles, initiate verify user email, and create/get API key under the respective namespace. |
ROLE:READ | Allows read access to roles under the respective namespace. |
ROLE:ADMIN | Allows administrator access to roles under the respective namespace. |
PKI:ADMIN | Allows administrator access to PKI (public key infrastructure). |
EVENT:DOWNLOAD | Allows access to download event logs. |
EVENT:VIEW | Allows access to view organization and node level events. |
ACTIVITY:DOWNLOAD | Allows access to download activity logs. |
ACTIVITY:VIEW | Allows access to view activity logs. |
Create user-defined roles
To create a user-defined role, follow these steps:
- Log in to Secure Edge Portal with Admin access.
- From the left menu, select Users > All Roles.
- In the top right, select the plus sign icon (+) to add a new role.
- Enter the role name and a description, then select the necessary permissions. (Hover over any permission to see a quick description.)
- Select + Add Role.
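Before selecting permissions for a custom role, it helps to check the proposed permission set against the catalogue in the "Available permissions" table and against the two default roles. The following is an added example, not code from Secure Edge or its documentation: it encodes the permission names and default roles exactly as listed above, and audits constructed sample role definitions for unknown permission names, roles that duplicate a default role, roles that can manage identities, and write access granted without the matching read access. The split into "privileged" and "read" permissions is this example's own classification, based on the descriptions in the table.

```python
# Added example, not Secure Edge's own code: audit custom role definitions against
# the permission catalogue documented above. Sample roles are constructed data.

# Every permission name from the "Available permissions" table.
AVAILABLE = {
    "NODE:READ", "NODE:ADMIN", "NODE:REBOOT", "NETWORK:READ", "NETWORK:ADMIN",
    "NETWORK:CONNECT_DISCONNECT", "NETWORK:DIAGNOSTIC", "SERVICE:READ", "SERVICE:ADMIN",
    "ORG:READ", "ORG:ADMIN", "USER:READ", "USER:ADMIN", "ROLE:READ", "ROLE:ADMIN",
    "PKI:ADMIN", "EVENT:DOWNLOAD", "EVENT:VIEW", "ACTIVITY:DOWNLOAD", "ACTIVITY:VIEW",
}
# Default roles exactly as the "Default roles and associated permissions" table lists them.
READ_ONLY = {"NODE:READ", "NETWORK:READ", "SERVICE:READ", "ORG:READ", "USER:READ", "ROLE:READ"}
ADMIN = set(AVAILABLE)  # the Admin default role carries every available permission
# Assumption of this example: these actions change state; the rest are view/download access.
PRIVILEGED = {p for p in AVAILABLE if p.split(":")[1] in {"ADMIN", "REBOOT", "CONNECT_DISCONNECT"}}
# Permissions that create or modify principals and roles, so they can widen access further.
IDENTITY_ADMIN = {"ORG:ADMIN", "USER:ADMIN", "ROLE:ADMIN"}

def audit_role(name, perms):
    """Return a list of findings for one role definition; an empty list means no concerns."""
    perms = set(perms)
    findings = []
    unknown = perms - AVAILABLE
    if unknown:  # a typo, or a permission that does not exist in the catalogue
        findings.append(f"{name}: unknown permission(s) {sorted(unknown)}")
    if perms >= ADMIN:
        findings.append(f"{name}: equivalent to the Admin default role; use Admin instead")
    elif perms <= READ_ONLY:
        findings.append(f"{name}: subset of Read Only; the default role would do")
    if perms & IDENTITY_ADMIN:
        findings.append(f"{name}: can manage org/users/roles {sorted(perms & IDENTITY_ADMIN)}; review who holds it")
    # Write access without the matching read access usually means a slip in the definition.
    for p in sorted(perms & PRIVILEGED):
        comp = p.split(":")[0]
        if f"{comp}:READ" in AVAILABLE and f"{comp}:READ" not in perms:
            findings.append(f"{name}: {p} granted without {comp}:READ")
    return findings

def audit_roles(roles):
    """roles: mapping of role name -> permission names. Returns {role name: findings}."""
    return {n: audit_role(n, p) for n, p in roles.items()}

# Constructed sample custom roles for demonstration (not from any real deployment).
SAMPLE_ROLES = {
    "ServiceOperator": ["SERVICE:READ", "SERVICE:ADMIN", "NODE:READ", "EVENT:VIEW"],
    "NetOps": ["NETWORK:CONNECT_DISCONNECT", "NETWORK:DIAGNOSTIC", "NODE:READ"],
    "Helpdesk": ["USER:ADMIN", "USER:READ", "ORG:READ", "USER:RESET"],
}
for role, findings in audit_roles(SAMPLE_ROLES).items():
    print(role, "->", findings or ["ok"])
```

Running it reports nothing for ServiceOperator, flags NetOps for connect/disconnect access without NETWORK:READ, and flags Helpdesk for the misspelled USER:RESET and for holding USER:ADMIN.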
Assign a user-defined role
To assign a user-defined role for a new user, follow these steps:
- Log in to Secure Edge Portal with Admin access.
- From the top of the left menu, select the plus sign icon (+) > Add User.
- Enter the user details and select the role to assign to this user.
- Select Add User.
To verify the role has the permissions you intended, log in as the user and confirm the appropriate operations are available.
View and edit roles
Admins can view roles and edit the permissions applied to a custom role.
- From the portal's left menu, select Users > All Roles.
- On the Roles page, in the left column, select any role name to view its description and permissions.
- To edit the role, click the menu to the right (three vertical dots) and then select the Edit (pencil) icon.
- Modify the desired fields. (Hover over any permission to see a quick description.)
- Select Update to save the changes.