Create and manage roles

Overview

NGINX Instance Manager emphasizes role-based access control (RBAC) to manage user permissions. A predefined admin role is available for initial setup and administration, but you can create custom roles to match specific responsibilities, such as for API Owners or Infrastructure Admins. This lets organizations fine-tune access and permissions to suit their needs.

Create roles

Roles in NGINX Instance Manager are a critical part of role-based access control (RBAC). By creating roles, you define the access levels and permissions for different user groups that correspond to groups in your Identity Provider (IdP).

NGINX Instance Manager comes pre-configured with an administrator role called admin. Additional roles can be created as needed.

The admin user or any user with CREATE permission for the User Management feature can create a role.

Follow these steps to create a role and set its permissions:

  1. In a web browser, go to the FQDN for your NGINX Instance Manager host and log in.

  2. Select the Settings (gear) icon in the upper-right corner.

  3. From the left navigation menu, select Roles.

  4. Select Create.

  5. On the Create Role form, provide the following details:

    • Name: The name to use for the role.
    • Display Name: An optional, user-friendly name to show for the role.
    • Description: An optional, brief description of the role.

  6. To add permissions:

    1. Select Add Permission.
    2. Choose the NGINX Instance Manager module you’re creating the permission for from the Module list.
    3. Select the feature you’re granting permission for from the Feature list. To learn more about features, refer to Get started with RBAC.
    4. Select Add Additional Access to choose a CRUD (Create, Read, Update, Delete) access level.
      • Choose the access level(s) you want to grant from the Access list.
    5. Select Save.

  7. Repeat step 6 if you need to add more permissions for other features.

  8. When you’ve added all the necessary permissions, select Save to create the role.

Example scenario

Suppose you need to create an “app-developer” role. This role allows users to create and edit applications but not delete them or perform administrative tasks. You would name the role app-developer, select the relevant features, and grant permissions that align with the application development process while restricting administrative functions.

Edit roles

To modify an existing role in NGINX Instance Manager, follow these steps:

  1. In a web browser, go to the FQDN of your NGINX Instance Manager host and log in.

  2. Select the Settings gear icon in the upper-right corner.

  3. From the left navigation menu, select Roles.

  4. From the list, select the role you want to update.

  5. Select Edit Role and make changes to any of the editable fields if needed:

    • Display name: an optional, user-friendly name for the role
    • Description: an optional, brief summary of the role

  6. To add new permissions to the role:

    1. Select Add Permission.

    2. In the Module list, select the relevant module.

    3. In the Feature list, select the feature you’re assigning permissions for.

    4. Select Add Additional Access to grant a CRUD (Create, Read, Update, Delete) access level.

      • In the Access list, select the access level(s) you want to assign.

    5. Select Save.

  7. To edit an existing permission, select Edit next to the permission name.

    1. In the Edit Permission form, modify the Module, Feature, or access levels as needed.

  8. After making your changes, select Save.

Next steps

Assign roles to users or user groups

Once you’ve created roles, assign them to users or user groups to ensure that permissions align with responsibilities. This helps maintain clear and organized access control.

Last modified November 8, 2024