Roles and Permissions in Tenant View
How to set up roles and permissions in the tenant view of the hub
The tenant view of the hub uses Common Services: Identity & Access Management (IAM) for
access and role management. All users need a role in the IAM system to access TSGs and
TSG-based tenants. Using Identity and Access, you can manage tenant users, service
accounts, and access to various resources within Common Services and enterprise apps.
You're required to assign roles for users, but roles are optional for service accounts.
Users in the tenant view of the hub are not required to be added to Customer Support
Portal accounts unless needed to perform onboarding or offboarding tasks.
Roles work as a union. If you assign a role to a user for a specific app and another role
for All Apps & Services, the user gets the union of both permissions. For example,
consider a user who is assigned a role for the Strata Logging Service app that does not
allow download or share permissions. If that same user is also assigned the Superuser
role for All Apps & Services, the user is able to download and share. The behavior is to
check the specific app first and, if the permission isn't available, then check All Apps
& Services. For more information about what each role can do, you can view the
permissions in the platform for each role.
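The union behavior described above, modelled as an added example (this is not product code and does not call any real IAM API). The "Restricted Viewer" role name and both permission sets are constructed for illustration; the last function lists the permissions a user holds for an app only because of an All Apps & Services assignment, which is the case to look for when reviewing least privilege.

```python
# Illustrative model only: "Restricted Viewer" and the permission sets below
# are constructed for this example and are not the platform's real role data.
ALL_APPS = "All Apps & Services"

ROLE_PERMISSIONS = {
    "Superuser": {"view", "download", "share"},   # assumed permission set
    "Restricted Viewer": {"view"},                # hypothetical app-scoped role
}


def is_allowed(assignments, app, permission):
    """Check the app-specific scope first, then fall back to All Apps & Services.

    Returns (allowed, scope_that_granted_it).
    """
    for scope in (app, ALL_APPS):
        for role in assignments.get(scope, ()):
            if permission in ROLE_PERMISSIONS[role]:
                return True, scope
    return False, None


def effective_permissions(assignments, app):
    """Union of permissions granted at the app scope and at All Apps & Services."""
    perms = set()
    for scope in (app, ALL_APPS):
        for role in assignments.get(scope, ()):
            perms |= ROLE_PERMISSIONS[role]
    return perms


def widened_by_broad_scope(assignments, app):
    """Permissions held for `app` only because of an All Apps & Services role."""
    app_only = set()
    for role in assignments.get(app, ()):
        app_only |= ROLE_PERMISSIONS[role]
    return effective_permissions(assignments, app) - app_only


# Constructed sample: the scenario from the paragraph above.
user = {
    "Strata Logging Service": ["Restricted Viewer"],
    ALL_APPS: ["Superuser"],
}

if __name__ == "__main__":
    print(is_allowed(user, "Strata Logging Service", "download"))
    print(sorted(widened_by_broad_scope(user, "Strata Logging Service")))
```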