Cloud Services

ModernOps

Assigning Roles using IAM
Published On Jul 03, 2024 - 11:11 AM

Assigning Roles using IAM

Discover and understand the concept of Role.
A Role allows a Subject (Users or Service IDs) to perform a specific set of permissions on a resource.
There are different types of roles:
  1. Out of the Box Roles (Platform Roles, and App Roles).
  2. Custom roles.
The benefit of Roles is that they define a set of actions and permission that a user can perform in the platform. Alternatively, these actions may often vary from your own permission needs; reason why Kyndryl Modern Operations Applications allows you to create
custom roles
combining the different actions that platform and App roles have to customize a new role
The following permissions are needed to be able to manage Roles. The
Platform Administrator
role, which is the out-of-the-box role granted to you when the account is first created, is the only role that includes all these permissions. Alternatively, as a
Platform Administrator
, you can create Custom Roles and assign them the Roles permissions.
Permission
Description
iam.customrole.view
Allow to view custom roles
iam.customrole.create
Allow to create a custom role
iam.customrole.update
Allow to update a custom role
iam.customrole.delete
Allow to delete a custom role

Adding custom roles

To add a custom role, follow these steps:
  1. Access the IAM page.
  2. Select
    Roles
    from the left navigation bar of the page. The roles page opens.
  3. Click
    Add New
    .
  4. Select
    Add Custom Role
    . The Add Custom Role page opens.
In the Add Custom Role page, complete the following information to add a new role:
  • Role Name:
    Enter the name of the role.
  • Role ID:
    Enter a unique ID value to identify the role.
  • Description:
    Enter an optional description or purpose for the role.
  • Select Service:
    Select the type of service.
  • Select Role:
    Select the type of role.
  • Select Permission(s):
    Once you have selected your service and role, a permissions list is displayed to help you select the exact permissions that you want to add to your custom role. This permissions list includes a short description to better understand the scope being assigned to that role. Click
    Add
    next to the permission of your choice, and see the Summary pane for confirmation.
  • Once you are satisfied with your selection, click
    Add
    at the bottom of the page to finish.
The new
Custom Role
is created and displayed under the Roles tab.

Viewing, updating and deleting custom roles

To view all your roles, simply access the
Roles
tab, which displays a list of all existing roles with their more relevant details. You can use the filters or search capabilities at the top of the page to find the role that you are looking for.
A count tag will let you know how many permissions a specific role has. Click the count tag to learn which permissions those are and the description for each.
To update any of the custom roles that you have created, select the role and the
Details
page opens. If any role is not clickable, you may not have the right permissions to edit it.
Once in the Details page:
  1. Click
    Edit
    at the top of the page, to update the details of the role. 
    -or-
  2. Click
    Add +
    in the Permissions section to add new permissions or remove existing ones.
To delete a custom role, click the
Actions menu
next to the role of your choice, and select
Delete
. Confirm the deletion by typing the name of the Role.
Out-of-the-box platform permissions (Administrator, Editor, Viewer, Operator) cannot be edited or deleted.
Do you have two minutes for a quick survey?
Take Survey