: Roles and Permissions in Tenant View
Focus
Focus

Roles and Permissions in Tenant View

Table of Contents

Roles and Permissions in Tenant View

How to setup roles and permissions in tenant view of the hub
Tenant view of the hub uses Common Services: Identity & Access Management (IAM) for access and role management. All users need a role in the IAM system to access TSGs and TSG-based tenants. Using Identity and Access, you can manage tenant users, service accounts, and access to various resources within Common Services, and enterprise apps. You're required to assign roles for users but roles are optional for service accounts. Users in the tenant view of the hub are not required to be added to Customer Support Portal accounts unless needed to operate onboarding or offboarding tasks.
Roles work as a union. If you assign a role to a user for a specific app and another role for All Apps & Services, the user will get the union of both permissions. For example, consider a scenario where a user is assigned a role for the Strata Logging Service app with a role that does not allow download or share permissions. If that same user is also assigned the Superuser role for All Apps & Services, the user is able to download and share. The behavior is to check the specific app first and if the permission isn't available, then check All Apps & Services. For more information about what each role can do, you can view the permissions in the platform for each role.
If your app instance is transitioned to a tenant or tenant service group (TSG), see where are my roles? for a mapping of previous roles to IAM roles.
For steps to configure and manage roles and permissions, see Common Services: Identity and Access