Assign an environment resource role to a group
To assign an environment to a group, assign a specific resource role on the scope of the specific environment.
Required roles:
- Owner or a role that allows administering the environment AND
- One of the following: IamViewer or IamUser (required for listing users).
- Sign in to the CDP console.
- From the CDP home page, click Management Console.
- Navigate to the Environments page.
- In the list of environments that appear, select an environment by clicking on it.
- From the Actions menu select Manage Access.
- In the Access tab, enter the name of the group in the text box.
- In the Update Resource Roles window, select the required resource role.
- Click Update Roles.
To assign a resource role to a group:
cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
To remove a resource role from a group:
cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
- The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
- The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.
To get a list of the resource roles assigned to a group:
cdp iam list-group-assigned-resource-role \
--group-name <value>
What to do next
You need to perform user sync for the change to take effect. See Performing user sync.