Roles
A role is a collection of authorizations that defines a set of permissions. Roles are used to grant users the system and data access they need to fulfill a certain responsibility. A role can be assigned to users directly or through a group they are a member of.
Create a role
To create a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the Create role button, and provide the following role details:
- Role ID: The unique identifier for the role.
- Name: The name of the role.
- Description: A description of the role.
- Click on the Create role button.
The role is created and can now be assigned to users or groups.
Update a role
To update a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the pencil icon next to the role you want to update.
- Update the role details:
- Name: The name of the role.
- Description: A description of the role.
- Click on the Save button.
The role details are updated.
Delete a role
To delete a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the Delete button next to the role you want to delete.
- Confirm the deletion by clicking on the Delete button in the confirmation dialog.
The role is deleted. The authorizations that were granted to the role will also be removed.
Assign authorizations to a role
See the authorization section to learn how to create authorizations for roles.
Manage users
Assign users to a role
To assign users to a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to assign users to.
- Click on the Users tab.
- Click on the Assign user button.
- Type the username of the user you want to assign to the role, and click on the Assign user button.
For Self-Managed deployments with basic authentication, you must search for existing users.
The user is assigned to the role and inherits its permissions.
Remove users from a role
To remove users from a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to remove users from.
- Click on the Users tab.
- Click on the Remove button next to the user you want to remove from the role.
- Confirm the removal by clicking on the Remove button in the confirmation dialog.
The user is removed from the role and loses any permissions that were granted through it.
Manage clients
In Self-Managed deployment, client management is only available for OIDC authentication.
Assign client to a role
To assign a client to a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to assign a client to.
- Click on the Clients tab.
- Click on the Assign client button.
- Type the ID of the client you want to assign to the role, and click on the Assign client button.
The client is assigned to the role.
Remove client from a role
To remove a client from a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to remove a client from.
- Click on the Clients tab.
- Click on the Remove button next to the client you want to remove from the role.
- Confirm the removal by clicking on the Remove button in the confirmation dialog.
The client is removed from the role.
Manage mapping rules
Camunda 8 Self-Managed onlyMapping rules are only available for OIDC authentication.
Assign mapping rules to a role
To assign mapping rules to a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to assign mapping rules to.
- Click on the Mapping rules tab.
- Click on the Assign mapping rule button.
- Search for the ID of the mapping rule you want to assign to the role, and click on the Assign mapping rule button.
The mapping rule is assigned to the role.
Remove mapping rules from a role
To remove a mapping rule from a role:
- Log in to Identity in your cluster, and click on the Roles tab.
- Click on the role you want to remove mapping rules from.
- Click on the Mapping rules tab.
- Click on the Remove button next to the mapping rule you want to remove from the role.
- Confirm the removal by clicking on the Remove button in the confirmation dialog.
The mapping rule is removed from the role.