Assigning account roles to a group

When you assign a role to a group, the role is also assigned to all user and machine user accounts in the group.

Steps

Management Console UI

Sign in to the CDP console.
From the CDP home page, click Management Console.
In the User Management section of the side navigation panel, click Groups.
The Groups page displays the list of the available CDP groups.
Click the name of the group to which you want to assign a role.
The details page displays information about the group.
Click the Roles tab.
Click Update Roles.
On the Update Roles window, select the roles you want to assign to the group.
To view the permissions that the role grants to the group, click Policies. To remove a role from the group, clear the selected role.
Click Update.
The roles that you select displays in the list of group roles.
To remove a role from a group, click Unassign Role next to the role that you want to remove. Click OK to confirm that you want to remove the role permissions from the group.

CLI

You can use the following command to assign a role to a group:

cdp iam assign-group-role \
--group-name <value> \
--role <value>

To get a list of the roles assigned to a group:

cdp iam list-group-assigned-roles \
--group-name <value>