Assigning resource roles to a group

When you assign a resource role to a group, the resource role is also assigned to all user and machine user accounts in the group.


Management Console UI

  1. Sign in to the CDP console.
  2. From the CDP home page, click Management Console.
  3. Click Environments.
  4. In the list of environments, select your environment by clicking on it.

    The details page for the selected environment appears.

  5. Click Actions.
  6. Click Manage Access in the dropdown list.
  7. In the Access tab, enter the name of the group in the Select group or user text box.

    The Update Resource Roles window appears.

  8. Select the required resource role such as EnvironmentAdmin or EnvironmentUser.
  9. Click Update Roles.


You can use the following command to assign a resource role to a group:
cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value> 
To remove a resource role from a group:
cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
  • The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
  • The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.

To get a list of the resource roles assigned to a group:

cdp iam list-group-assigned-resource-role \
--group-name <value>