Roles and permissions

Different user roles that are assigned within your enterprise define the various tasks required to install, configure, and use IBM Cloud Pak for Integration.

By relying on a separation of roles and tasks, the Cloud Pak for Integration installation workflow can proceed with as few restrictions as possible.

Administrator and developer roles

Administrator: There are two administrator roles:

  • Cluster administrator - includes administrative control in Red Hat OpenShift

  • Automation administrator - includes tasks specific to the Cloud Pak

Developer: The Automation analyst, Automation developer, and Automation operator roles can use capabilities to create integrations in Cloud Pak for Integration.

The following table describes the types of tasks (and associated permissions) associated with each role. Note that each role also includes the permissions for the roles below it (for example, an OpenShift cluster administrator can also deploy capabilities and use them).

Role Description Actions (permissions)
Cluster administrator Performs tasks in the OpenShift web console (as an Administrator) or in the CLI. Administering: Allocates CPU, memory and storage to nodes; create projects (namespaces) on OpenShift Container Platform; downloads the cloudctl CLI for air-gapped installation; downloads the oc CLI. Planning: Prepares an OpenShift cluster on managed cloud. Installing: Adds catalog sources, installs operators, applys the entitlement key, deploys Cloud Pak for Integration, uninstalls Cloud Pak for Integration and the IBM Cloud Pak Platform UI. Upgrading: Performs all Upgrading tasks.
Automation administrator Performs tasks in the OpenShift web console (as a Developer) or in the IBM Cloud Pak Platform UI. Must have Administrator permission on one or more namespaces into which they deploy products. Installing: Deploys and uninstalls instances of capabilities. Upgrading: Upgrades capabilities. Administering: Optionally integrates with the IAM service, secures communication ports.
Automation analyst, Automation developer, Automation operator Performs developer tasks. Uses installed instances of capabilities to create integrations.

Default roles

Permission: If the default admin user needs to upgrade deployed Cloud Pak for Integration instances in IBM Cloud Pak Platform UI, they must first have the automation_administrator permission added (on the User management page).