Manage platform roles
In this tutorial, you will learn how to work with roles using the EDK CLI, this lesson is applicable if you have been given a user_admin role.
To get help with commands for managing roles, you can use the edk role --help command.
Usage: edk role [options] [command] <command>
manage user roles
Options:
-h, --help display help for command
Commands:
list [options] <email> list all global roles for a user
get [options] <email> get details of a specific global role for a user
add [options] <email> add a global role to a user
remove [options] <email> remove a global role from a user
help [command] display help for command
Permissions
The actions granted for the different permissions vary across the platform, generally they are broken up between global actions, and tenant level actions.
Global permissions
The following permissions relate to actions globally for the platform.
| Global Permissions | (all users) | user_admin | tenant_admin | cluster_admin |
|---|---|---|---|---|
| Login to Elara | X | |||
| Create personal access tokens | X | |||
| Add/remove/list global users | X | |||
| Add/remove/list global user roles | X | |||
| Create/delete/list tenants | X | List only | ||
| View cluster nodes, worker logs, fine-grained usage | X (all tenants) |
Tenant permissions
The following permissions relate to actions within a tenant.
| Tenant Permissions | (all users) | user_admin | tenant_admin | cluster_admin |
|---|---|---|---|---|
| Add/remove/list tenant users | X (all tenants) | |||
| Add/remove/list tenant user roles | X (all tenants) | |||
| Freeze/unfreeze workspace | ||||
| Create/delete/list workspaces | List only (all tenants) | |||
| Deploy to existing workspaces | ||||
| Edit workspaces (write to streams, launch tasks) | ||||
| View workspaces and portals | ||||
| Read streams, task history, etc | Usage summary only (all tenants) |
List roles for a user
If you have been provided the user_admin role, you can list all roles for a user by running edk role list in the command-line along with the user email address. You can get help with the command by running edk role list --help.
Run the following in the command-line:
edk role list name1@email.com
Which will result in:
Roles for user name1@email.com at https://192.168.0.150:8443.
USERROLEUUID USERUUID ROLE CREATEDAT DELETEDAT
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX cluster_admin YYYY-MM-DDTHH:MM:SS.MSZ
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX tenant_admin YYYY-MM-DDTHH:MM:SS.MSZ
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX user_admin YYYY-MM-DDTHH:MM:SS.MSZ
Get role details for a user
If you have been provided the user_admin role, you can get the details of a specific roles for a user by running edk role list in the command-line along with the user email address and the role type. You can get help with the command by running edk role get --help.
Run the following in the command-line:
edk role get name1@email.com --role user_admin
Which will result in:
Role user_admin for user name1@email.com with at https://192.168.0.150:8443.
USERROLEUUID USERUUID ROLE CREATEDBY CREATEDAT DELETEDBY DELETEDAT
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX user_admin name1@email.com YYYY-MM-DDTHH:MM:SS.MSZ
Remove a role from a user
If you have been provided the user_admin role, you can remove a role from a user by running edk role remove in the command-line along with the user email address and the role type. You can get help with the command by running edk role remove --help.
Run the following in the command-line:
edk role remove name1@email.com --role cluster_admin
Which will result in:
✔ Role cluster_admin for user with id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is disabled
Add a role to a user
If you have been provided the user_admin role, you can add a role to a user by running edk role add in the command-line along with the user email address and the role type. You can get help with the command by running edk role get --help.
Run the following in the command-line:
edk role add name1@email.com --role cluster_admin
Which will result in:
✔ Role cluster_admin for user with id XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX is enabled
Next steps
In this tutorial you learnt how to manage roles, continue to the next tutorial to learn how to manage tenants.