Comment on page
Roles
Access control on the Neu.ro platform is based on roles. Each role contains a set of permissions for various entities and actions. In this way, users with different roles will have different levels of access on the platform. By default, every cluster has three roles: User, Manager, and Admin (you can learn more about them here). Users can also create their own custom roles and grant them to other users.
To create a new role, use the
neuro acl add-role {username}/roles/{rolename}
command. For example:> neuro acl add-role alice/roles/newrole
The created role will be called
newrole
and have an empty permission set. You can then add resources to this set using the neuro acl grant {URI} {username}/roles/{rolename}
command. For example:> neuro acl grant job:job363 alice/roles/newrole
This will add a permission for the
job363
job to the newrole
role. You can grant roles to users by running the
neuro acl grant role://{username}/roles/{rolename} {username2}
command:> neuro acl grant role://alice/roles/newrole bob
This will grant the
newrole
role to Bob. This means that Bob will have access to all entities listed under this role.Roles can be revoked from users with the help of the
neuro acl revoke
command. For example:> neuro acl revoke role://alice/roles/newrole bob
Obsolete roles can be deleted using the
neuro acl remove-role
command. For example:> neuro acl remove-role alice/roles/newrole
Feel free to refer to this Neu.ro CLI Reference page to learn more about using the
neuro acl
command.Last modified 2yr ago