
Roles & Access

Roles define both role-based (RBAC) and relationship-based (ReBAC) authorization controls. For an RBAC role, only the Name and Description are defined. For a ReBAC role, a Resource Type must also be selected.

An RBAC model gives global permissions to all resources of a resource type across the system. For example, an administrator could have create, read, update, and delete (CRUD) access to the folder resource type. A user assigned the administrator role would then have CRUD access to every folder object.

A ReBAC model gives users permissions based on their relationship to a specific object. For instance, a folder#administrator would have administrative access not to every resource of the folder type, but only to a specific folder resource.
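The scope difference between the two models, as an added example that is not Pangea code and does not use the AuthZ API: a minimal in-memory evaluator in which `alice` holds a global (RBAC) administrator role on the folder type while `bob` holds per-folder (ReBAC) relationships. The `Policy` class, user names, and folder IDs are assumptions made for illustration.

```python
# Added illustration; not Pangea AuthZ code. All names here are hypothetical.
from dataclasses import dataclass, field

CRUD = frozenset({"create", "read", "update", "delete"})

@dataclass
class Policy:
    # (resource_type, role) -> actions that role allows on that type
    role_perms: dict = field(default_factory=dict)
    # RBAC: user -> {(resource_type, role)}; applies to every object of the type
    global_roles: dict = field(default_factory=dict)
    # ReBAC: {(resource_type, resource_id, role, user)}; applies to one object
    relations: set = field(default_factory=set)

    def check(self, user, action, rtype, rid):
        """Return "rbac" or "rebac" when access is granted, None when denied."""
        for t, role in self.global_roles.get(user, ()):
            if t == rtype and action in self.role_perms.get((t, role), ()):
                return "rbac"
        for t, i, role, u in self.relations:
            if (t, i, u) == (rtype, rid, user) and action in self.role_perms.get((t, role), ()):
                return "rebac"
        return None  # default deny: no matching role or relationship

    def scope(self, user, action, rtype, ids):
        """Objects of rtype (out of ids) on which user may perform action."""
        return {i for i in ids if self.check(user, action, rtype, i)}

def build_sample():
    """Constructed sample data: three folders, two users."""
    p = Policy()
    p.role_perms[("folder", "administrator")] = CRUD
    p.role_perms[("folder", "viewer")] = frozenset({"read"})
    p.global_roles["alice"] = {("folder", "administrator")}        # RBAC
    p.relations.add(("folder", "reports", "administrator", "bob"))  # ReBAC
    p.relations.add(("folder", "finance", "viewer", "bob"))         # ReBAC
    return p

FOLDERS = {"reports", "finance", "hr"}

if __name__ == "__main__":
    p = build_sample()
    for user in ("alice", "bob"):
        for action in ("read", "delete"):
            print(user, action, sorted(p.scope(user, action, "folder", FOLDERS)))
```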

Create a role

Complete the following to create a role in AuthZ:

  1. In the Pangea Console, navigate to AuthZ >> Roles & Access.
  2. Click + Role.
  3. Type a Name and Description for the role.
  4. To limit the scope of a role to a specific resource or object, define a relationship for the role. The format is user is a {role} of {resource type}. For example, when creating the viewer role for articles, the relationship might be “user is a viewer of article”.
  5. Click Save.

Delete a role

Complete the following to delete a role in AuthZ:

  1. In the Pangea Console, navigate to AuthZ >> Roles.
  2. Click the (-) button beside the role you want to delete.
  3. In the modal, type the Name of the role to confirm.
  4. Click Delete.
