User Role Management

Introduction

Applications can grant access and permissions to a role and then assign that role to multiple Users, so that all of those Users have the same access and permissions.

A role typically applies to one type of user. For instance, an organisation may include admin, manager, employee and user roles.

The following Roles can be selected, singly or in combination, as required:

  • Create-Client
  • Impersonation
  • Manage-authorization
  • Manage-claims
  • Manage-clients
  • Manage-events
  • Manage-identity-providers
  • Manage-realm
  • Manage-users
  • Query-clients
  • Query-groups
  • Query-realms
  • Query-users
  • View-authorization
  • View-claims
  • View-clients
  • View-events
  • View-identity-providers
  • View-realm
  • View-users

Super Admin Access

In the Master Tenant, a User who is assigned the admin role becomes a Super Admin, with access to manage the entire IDP.

How to assign Admin Role:

Step 1: Navigate to the required User.

Step 2: Click on Role Mappings and select admin from the Available Roles.

Step 3: Click the Add selected button.

Step 4: With this permission, the User will have access to all KOBIL IAM functions.

Admin Access

The User becomes Admin of a tenant when all the roles are selected for that specific tenant. Admin Access can be set for a Tenant’s User in two ways.

1. Multiple Tenant access can be given to the user from the Master Tenant.

Procedure:

Step 1: Navigate to the required User.

Step 2: Click on Role Mappings -> Set the client roles to the required Tenant.

Step 3: Under Available Roles

  • Select all from the dropdown list and click on the Add selected button. This will allow the new User to have Admin access for the selected Tenant.
  • Access points can also be selected individually based on the requirements.

2. Admin access can be given from the specific Tenant.

Procedure:

Step 1: Navigate to the required User.

Step 2: Navigate to Role Mappings -> Set the Client roles to realm-management.

Step 3: Under Available Roles, select realm-admin.

Step 4: Click on Add selected. (NOTE: This automatically gives access to all the available Roles, which makes the User an Admin for that particular tenant.)

Step 5: Access points can also be selected individually based on requirements.

Composite Roles

A composite role is a role that has one or more additional access points associated with it. When a composite role is mapped to a User, the User will have the effective roles associated with the composite role.

How to add Composite Role:

Step 1: Navigate to Roles under the Configure menu.

Step 2: Under Realm Roles, click on Add Role.

Step 3: Enter the required Role Name.

Step 4: Toggle Composite Roles to ON.

Step 5: Realm Roles and Client Roles will be visible and the necessary access points can be selected.

Step 6: Click on Add selected. This will map the selected access to the created role.

Step 7: This Role will be visible under Role Mappings when creating a new User.

For instance,

1. Developer Role:

With this role a User has complete view access along with Manage access for the required User. With Manage-users access, the User can create, update or delete any Users in the Tenant.

Required Roles:

  • View-authorization
  • View-claims
  • View-clients
  • View-events
  • View-identity-providers
  • View-realm
  • View-users
  • Manage-users
  • Create-Client

2. Help Desk:

With this role the User has complete view/read access in the Tenant.

Required Roles:

  • View-authorization
  • View-claims
  • View-clients
  • View-events
  • View-identity-providers
  • View-realm
  • View-users

Under the Role Mappings tab while creating a new user, you can select the required role from the Available Roles.
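
The effective-role behaviour described above, as an added example that is not KOBIL's own code: it expands the Developer and Help Desk composites from this page into their effective roles and lists the Users who end up with Manage-, Create- or Impersonation access. The user names, the nested Support Lead role and all function names are assumptions made for the illustration.

```python
# Added example: role names come from the page; the data layout and function
# names are assumptions and are not a KOBIL IAM API.
VIEW_ROLES = {
    "View-authorization", "View-claims", "View-clients", "View-events",
    "View-identity-providers", "View-realm", "View-users",
}
# Composite role -> roles associated with it (constructed sample data).
COMPOSITES = {
    "Help Desk": set(VIEW_ROLES),
    "Developer": VIEW_ROLES | {"Manage-users", "Create-Client"},
    # Hypothetical nested composite, to show that expansion is transitive.
    "Support Lead": {"Help Desk", "Manage-events"},
}
# Constructed user -> directly mapped roles.
USERS = {
    "alice": {"Developer"},
    "bob": {"Help Desk"},
    "carol": {"Support Lead", "Impersonation"},
}


def effective_roles(mapped, composites=COMPOSITES):
    """Expand mapped roles through composites; tolerates cyclic definitions."""
    seen, stack = set(), list(mapped)
    while stack:
        role = stack.pop()
        if role in seen:
            continue
        seen.add(role)
        stack.extend(composites.get(role, ()))
    return seen


def is_privileged(role):
    """Roles that change state or act as another user, per the page's list."""
    return role.startswith(("Manage-", "Create-")) or role == "Impersonation"


def audit(users=USERS, composites=COMPOSITES):
    """Return {user: sorted privileged effective roles} for periodic review."""
    report = {}
    for user, mapped in users.items():
        roles = effective_roles(mapped, composites)
        risky = sorted(r for r in roles if is_privileged(r))
        if risky:
            report[user] = risky
    return report


if __name__ == "__main__":
    for user, roles in audit().items():
        print(f"{user}: {', '.join(roles)}")
```

A User mapped only to Help Desk does not appear in the report, while a write-capable role inherited through a nested composite does.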

The table below shows the permissions of the roles created:

(*) - Only for the specific tenants to which the admin has access

Permission | Super Admin | Admin | Developer | Help Desk
Create Tenant
Create Clients
Manage Authorization
Manage Claims
Manage Clients
Manage Events
Manage Identity Providers
Manage Realm*
Manage Users
Query Clients
Query Groups
Query Realms
Query Users
View Authorization
View Claims
View Clients
View Events
View Identity Providers
View Realms*
View Users