Assign an environment resource role to a group

To assign an environment to a group, assign a specific resource role on the scope of the specific environment.

Required roles:
  • Owner or a role that allows administering the environment AND
  • One of the following: IamViewer or IamUser (required for listing users).
In order to assign a role, a user must have all rights from the role that they are planning to assign to another user; That is, a user can only assign a role higher than his own.
  1. Sign in to the CDP console.
  2. From the CDP home page, click Management Console.
  3. Navigate to the Environments page.
  4. In the list of environments that appear, select an environment by clicking on it.
  5. From the Actions menu select Manage Access.
  6. In the Access tab, enter the name of the group in the text box.
  7. In the Update Resource Roles window, select the required resource role.
  8. Click Update Roles.

To assign a resource role to a group:

cdp iam assign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value> 

To remove a resource role from a group:

cdp iam unassign-group-resource-role \
--group-name <value> \
--resource-role-crn <value> \
--resource-crn <value>
  • The resource-role-crn parameter requires the CRN of the resource role you want to assign to the group.
  • The resource-crn parameter requires the CRN of the resource on which you want to grant the resource role permissions.

To get a list of the resource roles assigned to a group:

cdp iam list-group-assigned-resource-role \
--group-name <value>

What to do next

You need to perform user sync for the change to take effect. See Performing user sync.