Roles & Access
Learn how to set up AuthZ roles and permissions
Roles are used to define both role-based (RBAC) and relationship-based (ReBAC) access controls. In RBAC, only the Name and Description of the role are defined. In a relationship-based authorization model, a Resource Type must also be selected.
An RBAC model gives global permissions to all resources of a resource type across the system. For example, an administrator could have create, read, update, and delete (CRUD) access to the folder resource type. A user assigned the administrator role would then have CRUD access to every folder object.
A ReBAC model gives permissions to users based on their relationship to a specific object. For instance, a folder#administrator would have administrative access only to specific folder resource(s).
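The difference in scope between the two models, as an added example that is not Pangea AuthZ code and does not use its API: a toy evaluator in which a global administrator role reaches every folder while a folder#administrator relationship reaches only the named folder. The class ToyAuthz, the users alice, bob and carol, and the folder ids are constructed for illustration, and attaching the permission set to the role is a simplifying assumption.

```python
# Added illustration: a toy evaluator, not Pangea AuthZ code or its API.
from dataclasses import dataclass, field

CRUD = frozenset({"create", "read", "update", "delete"})


@dataclass
class ToyAuthz:
    # role -> {resource type -> allowed actions} (hypothetical structure)
    role_permissions: dict
    # RBAC assignments: (subject, role), valid for every object of the type
    global_roles: set = field(default_factory=set)
    # ReBAC tuples: (subject, role, resource type, resource id)
    relationships: set = field(default_factory=set)

    def check(self, subject, action, rtype, rid):
        """Return (allowed, reason); anything not explicitly granted is denied."""
        for role, by_type in self.role_permissions.items():
            if action not in by_type.get(rtype, frozenset()):
                continue
            if (subject, role) in self.global_roles:
                return True, f"RBAC {role} on every {rtype}"
            if (subject, role, rtype, rid) in self.relationships:
                return True, f"ReBAC {rtype}#{role} on {rtype}:{rid}"
        return False, "no matching role or relationship"

    def reach(self, subject, action, rtype, all_ids):
        """Objects the subject can act on: what one compromised account exposes."""
        return {rid for rid in all_ids if self.check(subject, action, rtype, rid)[0]}


def build_demo():
    # Constructed sample data: two users with grants, three folders.
    authz = ToyAuthz(role_permissions={"administrator": {"folder": CRUD}})
    authz.global_roles.add(("alice", "administrator"))                      # RBAC
    authz.relationships.add(("bob", "administrator", "folder", "finance"))  # ReBAC
    return authz, ["finance", "hr", "legal"]


if __name__ == "__main__":
    authz, folders = build_demo()
    for user in ("alice", "bob", "carol"):
        print(user, sorted(authz.reach(user, "delete", "folder", folders)))
```

Running reach for each subject is a quick way to review who holds system-wide access before assigning a role globally.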
Create a role
Complete the following to create a role in AuthZ:
- In the Pangea Console, navigate to AuthZ >> Roles & Access.
- Click + Role.
- Type a Name and Description for the role.
- To limit the scope of a Role to a specific resource or object, define a relationship for the role. The format is user is a {role} of {resource type}. For example, if the viewer role for articles was being created, then it might be something like “user is a viewer of article”.
- Click Save.
Delete a role
Complete the following to delete a role in AuthZ:
- In the Pangea Console, navigate to AuthZ >> Roles.
- Click the (-) button beside the role to delete.
- In the modal, type the Name of the role to confirm.
- Click Delete.