Kyndryl Bridge


Roles management
Published On Nov 05, 2024 - 8:02 AM


Manage and customize roles within Kyndryl Bridge services to control permissions and access efficiently, including creating new roles and updating existing ones.
A Role is a collection of permissions to take actions on resources, and it serves as a building block for creating an Access Policy. Roles define the set of actions and permissions that a user can perform within Bridge Common Services. Because the out-of-the-box roles may not match your own permission needs, Kyndryl Bridge allows you to create custom roles that combine the different actions included in the out-of-the-box roles. A Role allows a Subject (Users or Service IDs) to perform a specific set of permissions on a resource. There are different types of roles:
  • Out of the Box Roles (Administration Platform Roles, and Services Roles).
  • Custom roles.

Administration Platform roles

The Administration Platform roles available when adding users are groupings of permissions that allow the assigned users to perform a limited set of actions depending on their business needs. This enables role-based access control (RBAC), which maps a user to a role. The RBAC role defines the type of access that an identity holding that role has to a resource. RBAC roles are usually defined based on job responsibilities within an organization, and each role grants the access that an identity needs to do its job. This is a simple model because IAM administrators manage the mapping of RBAC roles to identities. RBAC role setup is normally simpler than the initial setup of attribute-based access control (ABAC).
  • Administrator: has full administrative access to IAM. This is the only role that can invite, edit and delete users from the IAM model. It is the role given to the first user of the platform.
  • Editor: has limited administrative access to IAM.
  • Viewer: can view public IAM information and act on their user IdP preferences.
  • Operator: has limited administrative access to IAM, as well as performing platform actions required to configure and manage services.

Common Services roles

For more information about Common Services roles, see Roles and permissions.

Accessing the Roles page

  1. Click the Global menu icon.
  2. Click Settings and select Service IAM. The IAM page opens.
  3. Select Roles from the left navigation bar of the page. The Roles page opens.
  4. Once in the Roles page, you can perform a series of actions to personalize your role’s access management needs, including the following:
    1. Adding custom roles
    2. Viewing, updating, and deleting custom roles

Adding custom roles

  1. Click Add New.
  2. Select Add Custom Role. The Add Custom Role page opens.
  3. From the Add Custom Role page, complete the following information to add a new role:
    1. Name: Enter the name of the role.
    2. ID: Enter a unique ID value to identify the role.
    3. Description: Enter an optional description or purpose for the role.
    4. Select Service: Select the type of service.
    5. Select Role: Select the type of role.
    6. Select Permission(s): Once you have selected your service and role, a permissions list is displayed to help you select the exact permissions that you want to add to your custom role. This permissions list includes a short description to better understand the scope being assigned to that role. Click Add next to the permission of your choice and see the Summary pane for confirmation.
  4. Once you are satisfied with your selection, click Add at the bottom of the page to finish.
The new custom role is created and displayed under the Roles tab.

Viewing, updating and deleting custom roles

To view all your roles, access the Roles tab, which displays a list of all existing roles with their most relevant details. You can use the filters or search capabilities at the top of the page to find the role that you are looking for.
A count tag shows how many permissions a specific role has. Click the count tag to see those permissions and the description for each.
To update any of the custom roles that you have created, select the role and the Details page opens. If a role is not clickable, you may not have the right permissions to edit it. Once in the Details page:
  1. Click Edit at the top of the page to update the details of the role. -or-
  2. Click Add + in the Permissions section to add new permissions or remove existing ones.
To delete a custom role:
  1. Click the overflow menu next to the role of your choice and select Delete.
  2. Confirm the deletion by typing the name of the Role.
Out-of-the-box platform permissions (Administrator, Editor, Viewer, Operator) cannot be edited or deleted.
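
The rules described on this page (a unique role ID, permissions picked from a selected service and out-of-the-box role, name-typed delete confirmation, and built-in roles that cannot be deleted) can be modelled in a few lines to review a role design before entering it in the UI. This is an added sketch, not Kyndryl Bridge code or its API; the permission names, the `iam` service key, the `RoleStore` class and the choice to allow several source roles are assumptions made for illustration.

```python
# Added sketch: in-memory model of the role rules described on this page.
# Permission names below are constructed; they are not Kyndryl Bridge identifiers.
BUILT_IN = {  # service -> out-of-the-box role -> permissions
    "iam": {
        "Administrator": {"iam.user.invite", "iam.user.edit", "iam.user.delete",
                          "iam.policy.edit", "iam.info.view"},
        "Editor": {"iam.policy.edit", "iam.info.view"},
        "Viewer": {"iam.info.view"},
    }
}

class RoleError(Exception):
    """Raised when a role operation breaks one of the modelled rules."""

class RoleStore:
    def __init__(self):
        self.custom = {}       # role ID -> {"name": str, "permissions": frozenset}
        self.assignments = {}  # subject (user or service ID) -> set of role IDs

    def add_custom_role(self, role_id, name, service, source_roles, permissions):
        """Create a custom role from permissions of the chosen built-in roles."""
        if role_id in self.custom:
            raise RoleError(f"role ID {role_id!r} is not unique")
        catalog = BUILT_IN.get(service, {})
        unknown = [r for r in source_roles if r not in catalog]
        if unknown:
            raise RoleError(f"unknown role(s) for {service!r}: {unknown}")
        offered = set().union(*(catalog[r] for r in source_roles))
        extra = set(permissions) - offered
        if extra:  # least privilege: nothing beyond what the source roles offer
            raise RoleError(f"not offered by {list(source_roles)}: {sorted(extra)}")
        self.custom[role_id] = {"name": name, "permissions": frozenset(permissions)}

    def delete_role(self, role_id, typed_name):
        """Delete a custom role; built-ins are never in self.custom."""
        if role_id not in self.custom:
            raise RoleError("only custom roles can be deleted")
        if typed_name != self.custom[role_id]["name"]:
            raise RoleError("confirmation does not match the role name")
        del self.custom[role_id]

    def assign(self, subject, role_id):
        if role_id not in self.custom:
            raise RoleError(f"no custom role {role_id!r}")
        self.assignments.setdefault(subject, set()).add(role_id)

    def is_allowed(self, subject, permission):
        """True if any live custom role assigned to the subject grants it."""
        return any(permission in self.custom[r]["permissions"]
                   for r in self.assignments.get(subject, ()) if r in self.custom)
```

Because `is_allowed` ignores assignments whose role no longer exists, deleting a custom role in this model immediately removes the access it granted.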