Manage tenant roles
In this tutorial, you will learn how to work with tenant roles using the EDK CLI, this lesson is applicable if you have been given a tenant_user_admin role within a tenant.
To get help with commands for managing tenant roles, you can use the edk tenant role --help command.
Usage: edk tenant role [options] [command]
manage roles for tenant users
Options:
-h, --help display help for command
Commands:
list [options] <email> list tenant roles for a user
add [options] <email> add a tenant role to a tenant user
remove [options] <email> remove a tenant role from a tenant user
help [command] display help for command
Permissions
The actions granted for the different permissions vary across the platform, generally they are broken up between global actions, and tenant level actions.
Global permissions
The following permissions relate to actions globally for the platform.
| Global Permissions | tenant_user_admin | workspace_admin | developer | writer | (all tenant users) |
|---|---|---|---|---|---|
| Login to Elara | |||||
| Create personal access tokens | |||||
| Add/remove/list global users | List only | ||||
| Add/remove/list global user roles | |||||
| Create/delete/list tenants | |||||
| View cluster nodes, worker logs, fine-grained usage |
Tenant permissions
The following permissions relate to actions within a tenant.
| Tenant Permissions | tenant_user_admin | workspace_admin | developer | writer | (all tenant users) |
|---|---|---|---|---|---|
| Add/remove/list tenant users | X | ||||
| Add/remove/list tenant user roles | X | ||||
| Freeze/unfreeze workspace | X | ||||
| Create/delete/list workspaces | X | ||||
| Deploy to existing workspaces | X | ||||
| Edit workspaces (write to streams, launch tasks) | X | ||||
| View workspaces and portals | X | ||||
| Read streams, task history, etc | X |
List tenant roles for a user
If you have been provided the tenant_user_admin role, you can list all roles for a user by running edk tenant role list in the command-line along with the user email address. You can get help with the command by running edk tenant role list --help.
Run the following command:
edk tenant role list name1@email.com
Which will result in:
Tenant roles for user name1@email.com on tenant "MyTenant".
TENANTUSERUUID USERUUID USEREMAIL ROLE CREATEDBY CREATEDAT DELETEDBY DELETEDAT
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX name1@email.com developer name1@email.com YYYY-MM-DDTHH:MM:SS.MSZ
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX name1@email.com tenant_user_admin name1@email.com YYYY-MM-DDTHH:MM:SS.MSZ
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX name1@email.com workspace_admin name1@email.com YYYY-MM-DDTHH:MM:SS.MSZ
XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX name1@email.com writer name1@email.com YYYY-MM-DDTHH:MM:SS.MSZ
Remove a tenant role from a user
If you have been provided the tenant_user_admin role, you can remove a role from a user by running edk tenant role remove in the command-line along with the user email address and the role type. You can get help with the command by running edk tenant role remove --help.
Run the following command:
edk tenant role remove name1@email.com --role workspace_admin
Which will result in:
✔ Successfully disabled role workspace_admin for user name1@email.com in tenant MyTenant
Add a tenant role to a user
If you have been provided the tenant_user_admin role, you can add a role to a user by running edk tenant role add in the command-line along with the user email address and the role type. You can get help with the command by running edk tenant role get --help.
Run the following command:
edk tenant role add name1@email.com --role workspace_admin
Which will result in:
✔ Successfully enabled role workspace_admin for user name1@email.com in tenant MyTenant
Next steps
In this tutorial you learnt how to manage roles in a tenant, continue to the next tutorial to learn how to view usage for a tenant.