Create an RBAC policy

After creating a role, the next step is to create an RBAC policy and assign the role to one or more cloud accounts within the RBAC policy. RBAC policies define the domain of the resources, that is, cloud accounts for a role and is assigned to users to limit their access.

Prerequisites

Ensure that at least one role is available to be associated with the RBAC policy.

About this task

You can have any number of RBAC policies in Cloud Snapshot Manager. An integrated policy, Super Admin, is available in Cloud Snapshot Manager which can be assigned to users for full control over CSM. A user assigned the Super Admin policy is known as a Super Admin user.

CSM provides the flexibility to design policies as per the requirements of an organization. A user can have multiple RBAC policies assigned which may restrict the user to perform certain actions on a group of resources and other types of actions in another group of resources.

For example, a user has two policies assigned. One policy allows the user to take on-demand snapshots and to restore snapshots in cloud account1 and cloud account2. The other policy allows the user to generate reports in four cloud accounts. So, in effect, because both the policies are assigned, the user can take on-demand snapshots, restore snapshots, and generate reports in cloud account1 and cloud account2. For cloud account3 and cloud account4, the user can only generate reports.

Steps

  1. In the left navigation pane of the Cloud Snapshot Manager portal, under Identity and Access, select RBAC Policies and click New RBAC Policy.
  2. Specify a name and provide a description for the policy.
  3. Associate a role.
  4. Associate one or more cloud accounts.
  5. Click Save.
    You can delete an RBAC policy only if there are no users who are associated with that policy.