Roles management
6 min
manage and customize roles within kyndryl bridge services to control permissions and access efficiently, including creating new roles and updating existing ones a role is a collection of permissions allowed to take actions on resources that are used as a building block to create an access policy the benefit of roles is that they define a set of actions and permissions that a user can perform within kyndryl bridge common services alternatively, these actions may often vary from your own permission needs; kyndryl bridge allows you to create custom roles combining the different actions that the out of the box roles include to customize a new role a role allows a subject (users or service ids) to perform a specific set of permissions on a resource there are different types of roles out of the box roles (administration platform roles and services roles) custom roles administration platform roles the different administration platform roles available when adding users are groupings of permissions that allow the assigned users to perform a limited set of actions depending on their business needs this enables a role based access control (rbac) that maps a user to a role the rbac role defines the type of access that an identity with the rbac role can have against a resource rbac roles are usually defined based on job responsibilities within an organization the rbac role grants the access that is needed for an identity to do its job this is a simple model because administrators manage the mapping of rbac roles to an identity rbac roles setup is normally simpler than attribute based access control (abac) initial setup administrator has full administrative access to this is the only role that can invite, edit, and delete users from the model it is the role given to the first user of the platform editor has limited administrative access to viewer can view public information and act on their user idp preferences operator has limited administrative access to , as well as performing platform actions required to configure and manage services core services roles for more information about core services roles, see roles and permissions docid\ ics69b2oesewnrtsmbi3w accessing the roles page click the global menu icon click settings and select the page opens select roles from the left navigation bar of the page the roles page opens once in the roles page, you can perform a series of actions to personalize your role’s access management needs, including the following adding custom roles viewing, updating, and deleting custom roles adding custom roles click add new select add custom role the add custom role page opens from the add custom role page, complete the following information to add a new role name enter the name of the role id enter a unique id value to identify the role description enter an optional description or purpose for the role select service select the type of service select role select the type of role select permission(s) once you have selected your service and role, a permissions list is displayed to help you select the exact permissions that you want to add to your custom role this permissions list includes a short description to better understand the scope being assigned to that role click add next to the permission of your choice and see the summary pane for confirmation once you are satisfied with your selection, click add at the bottom of the page to finish the new custom role is created and displayed under the roles tab viewing, updating, and deleting custom roles to view all your roles, simply access the roles tab, which displays a list of all existing roles with their most relevant details you can use the filters or search capabilities at the top of the page to find the role that you are looking for a count tag will let you know how many permissions a specific role has click the count tag to learn about those permissions and the description for each to update any of the custom roles that you have created, select the role, and the details page opens if a role is not clickable, you may not have the right permissions to edit it once in the details page click edit at the top of the page to update the details of the role or click add + in the permissions section to add new permissions or remove existing ones to delete a custom role click the overflow menu next to the role of your choice and select delete confirm the deletion by typing the name of the role out of the box platform permissions (administrator, editor, viewer, operator) cannot be edited or deleted