Managing: Role-Based Access Control (RBAC)


Implementing RBAC through the Cloud Control Panel

The account owner implements RBAC by adding users to the account and assigning roles. This article will guide the account owner through this process using the Cloud Control Panel

For information about setting up RBAC through the API, see the Cloud Identity Admin Developer Guide.

     Note: It is possible to assign a mix multiple-product roles and per-product roles to one user through the API. The most permissive role will determine the user's level of access.

Account Credentials

Rackspace recommends that the account owner change the account password and secret question before adding new users to the account.

When new users are created, a temporary password is assigned to them, which they should change at their first login.

Also, new users must be informed that they have been added to the account. Rackspace does not notify them automatically. Account owners may use the following text to notify their users:

Your access to this account has changed. You have been added as a new user, and you must update your credentials (password and secret question) as soon as possible. See <Insert Name> for your temporary access information.

Creating New Users 

1. In the upper-right corner of the Cloud Control Panel, click userName (accountNumber).

2. From the menu, select User Management.

3. In the User Management box, click Create User.

4. Complete the Username, Password, Security Question, and Security Answer fields.  

     Note: Username must be unique. You cannot recover the username of a deleted user.

5. Select a role to assign to the user.

  • If the Custom role is chosen, go to step 6.
  • If the Full Access or Read-only Access role is chosen, skip to step 7.

6. In the Product Access section, select a role for each user. For optimal product interaction see Suggested Role Configurations. 

     Note: Once a user has been assigned the custom role, this role cannot be changed to a multi-product role through the Cloud Control Panel. For more information about changing a custom role to a full access or read-only access role see custom role.

7. In the Contact Information section, select the contact type.

8. Specify the contact’s name and email address.

9. If the primary contact’s details will be used for the user, slect the Use Primary Contact Details check box. Otherwise, specify the user's contact details.

10. Click Create User.

     Note: The Control Panel view is different for each user depending on the roles assigned.

Suggested Role Configurations 

Rackspace recommends the following custom role configurations for optimal product interaction.

PRODUCT IF: AND: THEN:
First Generation Cloud Servers

A user has been assigned any first gen Cloud Server role

 

In next gen Cloud Servers, give the user the Observer role (minimum action)

First Generation Cloud Servers  A user needs to backup an image The user has been assigned any first gen Cloud Server role  In first gen Cloud Servers & Cloud Files, give the user the Admin role 
Cloud Load Balancers

A user has been assigned any Cloud Load Balancers role

 

In first & next Generation Cloud Servers, give the user the Observer role (minimum action)

Cloud Load Balancers  A user wants to add a node by using "Add Nodes: Add Cloud Server ..." in the Cloud Control Panel The user has been assigned any Cloud Load Balancers role In first or next gen Cloud Servers, give the user any role 

Adding a User Login and Custom Role to an Existing Contact

1. In the User Management box, click the actions cog next to the contact's name.

2. Click Add Login...

3. Complete the Username, Password, Security Question, and Security Answer fields.

4. Click Save User Information after choosing the custom role.

5. Click the actions cog next to that user's name and configure the custom role.

Rackspace Customers with Multiple Accounts

Rackspace customers with more than one account may want to allow the same user to access to each account. In this situation, the account owner will need to configure that user with a different username for each account. The following graphic illustrates this scenario.

 

< Overview of RBAC   -   Using RBAC with MyRack >

 



Was this content helpful?




© 2011-2013 Rackspace US, Inc.

Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License


See license specifics and DISCLAIMER