Assigning account roles to users

Assign account roles to a CDP user to manage the tasks that the user can perform in CDP. You can assign multiple roles to users or machine users to provide them with the permissions they need to perform their required tasks.

Required role: PowerUser

Steps

  1. Sign in to CDP.
  2. From the CDP home page, click Management Console.
  3. Click User Management.The Users page displays the list of all CDP users.
  4. Click the name of the user to whom you want to assign a role.The user details page displays information about the user.
  5. Click the Roles tab.
  6. Click Update Roles.
  7. On the Update Roles window, select the roles you want to assign to the user.To remove a role from the user account, clear the selected role.
  8. Click Update.The roles that you select displays in the list of roles assigned to the user.

    To remove a role from a user account, click check box next to the assigned role that you want to remove. Click Update to confirm that you want to revoke the role permissions.

You can use the following command to assign a role to a user or a machine user:

cdp iam assign-user-role \
--user-name <value> \
--role <value>

To remove a role from a user or a machine user:

cdp iam unassign-user-role \
--user-name <value> \
--role <value> 
cdp iam unassign-machine-user-role \
--machine-user-name <value> \
--role <value>

The --role parameter requires the CRN of the CDP role. You can use the cdp iam list-roles command to list resource roles with role CRNs.

To get a list of the roles assigned to a group:

cdp iam list-user-assigned-roles \
--user-name <value>
cdp iam list-machine-user-assigned-roles \
--machine-user-name <value>

What to do next

You need to perform user sync for the change to take effect. See Performing user sync.