Create and Manage Roles
Overview
The F5 NGINX Management Suite emphasizes role-based user access control. The suite includes a predefined admin
role for initial setup and administration, but it doesn’t stop there. Roles designed specifically for API Owners and Infrastructure Admins, for instance, let organizations finely delineate responsibilities and permissions. If these built-in roles don’t meet your needs, it’s easy to create your own.
Create Roles
Roles within NGINX Management Suite are a critical component of role-based access control (RBAC). By defining roles, you specify access levels and permissions for different user groups that map to groups in your Identity Provider (IdP).
NGINX Management Suite comes pre-configured with an administrator role called admin
. Additional roles can be created as needed.
The admin
user or any user with CREATE
permission for the User Management feature can create a role.
Here’s how to create a role and set its permissions:
-
In a web browser, go to the FQDN for your NGINX Management Suite host and log in.
-
Select the Settings (gear) icon in the upper-right corner.
-
Select Roles from the left navigation menu.
-
Select Create.
-
On the Create Role form, provide the following details:
- Name: The name to use for the role.
- Display name: An optional, user-friendly name to show for the role.
- Description: An optional, brief description of what the role is.
-
To add permissions:
-
Select Add Permission.
-
Choose the NGINX Management Suite module you’re creating a permission for from the Module list.
-
Select the feature you’re granting permission for from the Feature list. To learn more about features, refer to Getting Started with RBAC.
-
Select Add Additional Access to add a CRUD (Create, Read, Update, Delete) access level.
- Choose the access level(s) you want to grant from the Access list.
-
Select Save.
-
-
Repeat step 6 if you need to add more permissions for other features.
-
When you’ve added all the necessary permissions, select Save to create the role.
Example Scenario
Imagine you need to create an “app-developer” role. This role permits users to create and edit applications without allowing them to delete or perform administrative tasks. You would name the role ‘app-developer,’ select one or more features, and grant permissions that align with the requirements of application development, avoiding features and permissions that enable deletion or other administrative functions.
Edit Roles
To modify an existing role in NGINX Management Suite, follow the steps below:
-
In a web browser, go to the FQDN for your NGINX Management Suite host and log in.
-
Select the Settings (gear) icon in the upper-right corner.
-
From the left navigation menu, select Roles.
-
From the list, select the role you want to update.
-
Select Edit Role and make changes to any of the editable fields if needed:
- Display name: an optional, user-friendly name to show for the role
- Description: an optional, brief summary of what the role is
-
To add new permissions to the role:
-
Select Add Permission.
-
In the Module list, select the module you’re creating a permission for.
-
In the Feature list, select a feature you’re creating a permission for.
-
Select Add Additional Access to add a CRUD (Create, Read, Update, Delete) access level.
- In the Access list, select the access level(s) you want to grant.
-
Select Save.
-
-
To edit an existing permission for the role, select Edit found next to the permission name.
- On the Edit Permission form, you can modify the Module, Feature, current Access level or add more access options.
-
Once you’ve made all your changes, select Save.
Next Steps
Assign Roles to Users or User Groups
After creating RBAC roles, your next task in configuring RBAC is to assign these roles to the right users or user groups. This step ensures that permissions line up with individual responsibilities within the organization, creating a clear and understandable structure for access control.