The Client Portal User Roles feature is a sophisticated Role-Based Access Control (RBAC) system used to regulate access★ to PNCP users. When used properly, RBAC enables you to carry out complex access schemes for your users.
To reach the User Roles page:
- Log in to the Client Portal.
- Open the My Account mega menu.
- Click User Roles.
★Access is defined as the user's ability to perform specific view, create and/or modify tasks in the Client Portal.
What is RBAC?
Role-Based Access Control (RBAC) is a secure method of restricting access to authorized users. It is a useful tool that allows an organizations to have greater control over their PNCP account through Segregation of Duties (SoD). It ensures that only appropriate users can see and access functions they are experts in, and prohibits users from accessing parts of the system that are not under their job role. The Account Manager assigns users to specific roles, where each role defines permission-levels. This ensures that every user has access according to their level of knowledge and authority.
Roles, Permissions and Users
- Permissions are assigned to roles. Click Actions > View Permissions in order to see a list of permissions associated to a certain Role.
- Users are assigned to roles. Click Actions > View Assigned Users in order to see a list of users assigned to a certain Role.
What is RBAC useful for?
RBAC is useful when you need to:
- Restrict the number of users with write permissions.
- Assign access to users according to their position in your organisation.
- Configure permissions that reflect the level of knowledge of each user.
NOTE: Every user is required to have an assigned role. One (1) role can be assigned per user.
Available User Roles
Each predefined PNCP role is purposely built so that the most common business roles are immediately catered for.
- Account Manager. Grants access for the user to change account wide settings, create and modify accounts and manage users.
- Administrator. A privileged role that provides a “super user” level of permissions. It is also automatically granted to the first user created on a new account.
- Billing Manger. A role that provides access to billing and payment features and reports as well as some basic read-only access to the account’s PNAP services infrastructure.
- Read Only. Grants access to view all features in the account but not to make any changes or create any new resources.
- System Administrator. This role is designed for users who manage existing VMs or Baremetal infrastructure, allowing them to console into the devices, reboot them, and similar. It does not allow the user to create or delete any devices.
- Technical Manager. A role that grants access to technical features such as creating VMs and Baremetal servers, setting Public Cloud firewall rules and Load Balancer pools, and similar. Technical Managers can also perform all the actions of a System Administrator.
NotePlease note that each user can only be assigned to ONE role. It is NOT possible to assign users to several roles.
To manage users and roles, click the Actions link in the row of the role you want to manage.
Possible Actions include:
- View Permissions. Click to get a list of permissions associated to a certain Role.
- Assign Users. Select users to be assigned to the role of your liking. Click Assign after you have selected the users.
- View Assigned Users. See a list of users assigned to a specific role. Use the Search field to look-up a user.