Default roles and permissions
The default installation of IBM® Cloud Pak for Network Automation comes with default roles and permissions or privileges.
Default roles
The following roles are provided by default:
- Read Only
  - A user with this role has view permission for the following items:
    - Assembly descriptors
    - Assembly instances
    - Behavior scenario descriptors
    - Behavior scenario executions
    - Deployment locations
    - Infrastructure keys
    - Managed object instances
    - Resource descriptors
    - Resource instances
    - Resource drivers
- Portal
  - Includes the permissions for the Read Only role, and the following ones:
    - Assembly instances: Add, delete
    - Assembly instance states: Update
    - Behavior scenario descriptors: Add, update, delete
    - Behavior scenario executions: Update, delete
    - Behavior scenarios: Run
    - Managed object instances: Add, update, delete
    - Resource drivers: Add, delete
    - Resource packages: Onboard, delete
- SLMAdmin
  - Includes the permissions for the Read Only and Portal roles, and the following ones:
    - Assembly descriptors: Add, update, delete
    - Assembly instances: Heal, scale
    - Deployment locations: Add, update, delete
    - Lifecycle management subscriptions: View, add, update
    - Network service descriptor subscriptions: View, add, update
    - Object groups: View, add, update, delete
    - Resource descriptors: Add, delete
    - Secrets: Read, write
    - System administration: Update, view
    - Virtual network function subscriptions: View, add, update
- RootSecAdmin
  - A user with the RootSecAdmin role can add, update, delete, and view role definitions and other security credentials. A user who has only this role cannot perform any other operations within the network automation software.
- Network Automation Tenant Admin
  - A user with the Network Automation Tenant Admin role can add, update, delete, and view tenants.
- SPView
  - A user with the SPView role can view all Site Planner objects. Site Planner objects include sites, devices, circuits, and more.
- SPEditor
  - A user with the SPEditor role has the permissions of the SPView role and can also add, update, and delete all Site Planner objects.
- SPAdmin
  - A user with the SPAdmin role has the same permissions as the SPView and SPEditor roles, and can also access the Site Planner Admin location to view installed plug-ins and other internal settings.
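The Read Only, Portal, and SLMAdmin roles form an inclusion chain, so granting one permission by way of a default role also grants everything that role inherits. The following added example (not IBM code and not a product API) models that chain from the lists above and reports the smallest default role that covers a required set of permissions, together with the excess grants that come with it. The names `ROLES`, `effective`, and `least_role`, the lower-cased action names, and the restriction to these three roles are assumptions of the example.

```python
VIEW = {"view"}
# Transcribed from the default-role lists above: role -> (included roles, direct grants).
ROLES = {
    "Read Only": ((), {item: VIEW for item in (
        "Assembly descriptors", "Assembly instances",
        "Behavior scenario descriptors", "Behavior scenario executions",
        "Deployment locations", "Infrastructure keys", "Managed object instances",
        "Resource descriptors", "Resource instances", "Resource drivers")}),
    "Portal": (("Read Only",), {
        "Assembly instances": {"add", "delete"},
        "Assembly instance states": {"update"},
        "Behavior scenario descriptors": {"add", "update", "delete"},
        "Behavior scenario executions": {"update", "delete"},
        "Behavior scenarios": {"run"},
        "Managed object instances": {"add", "update", "delete"},
        "Resource drivers": {"add", "delete"},
        "Resource packages": {"onboard", "delete"}}),
    "SLMAdmin": (("Read Only", "Portal"), {
        "Assembly descriptors": {"add", "update", "delete"},
        "Assembly instances": {"heal", "scale"},
        "Deployment locations": {"add", "update", "delete"},
        "Lifecycle management subscriptions": {"view", "add", "update"},
        "Network service descriptor subscriptions": {"view", "add", "update"},
        "Object groups": {"view", "add", "update", "delete"},
        "Resource descriptors": {"add", "delete"},
        "Secrets": {"read", "write"},
        "System administration": {"update", "view"},
        "Virtual network function subscriptions": {"view", "add", "update"}}),
}

def effective(role):
    """Flatten a role into (item, action) pairs, following its inclusions."""
    includes, direct = ROLES[role]
    pairs = {(item, act) for item, acts in direct.items() for act in acts}
    for parent in includes:
        pairs |= effective(parent)
    return pairs

def least_role(required):
    """Return (role, excess grants) for the smallest covering role, or None."""
    fits = [(len(effective(r)), r) for r in ROLES if required <= effective(r)]
    if not fits:
        return None  # no modelled default role covers the request
    _, role = min(fits)
    return role, effective(role) - required

if __name__ == "__main__":
    role, excess = least_role({("Behavior scenarios", "run")})
    print(f"{role}: {len(excess)} grants beyond what was requested")
```

A large excess set is the signal to define a custom role from the available permissions instead of assigning the default one.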
Available permissions
The permissions that you can assign to a role are the following:
- Assembly Descriptors
  - Add, update, delete, and view assembly descriptors.
- Assembly Instances
  - Add, update, delete, and view assembly instances.
- Behavior Scenario Descriptors
  - Add, update, delete, and view behavior scenario descriptors.
- Behavior Scenario Execution
  - Update, delete, and view behavior scenario executions, and execute behavior scenarios.
- Deployment Location Management
  - Create and view deployment locations.
- Infrastructure Keys
  - View infrastructure keys.
- Intent Requests
  - Run intents relating to management of assemblies; for example, create, delete, or upgrade. Run intents relating to health operations on an assembly; for example, scale or heal. Also, permission to cancel, retry, or roll back processes that result from intent requests.
- Lifecycle management subscriptions
  - Add, update, and view all lifecycle management (LCM) subscriptions.
- Network Automation Tenant Administration
  - Add, update, delete, and view all tenants.
- Network Resource
  - Add, update, delete, and view managed object instances.
- Network service descriptor subscriptions
  - Add, update, and view all network service descriptor (NSD) subscriptions.
- Object Group Administration
  - Add, update, delete, and view all object groups.
- Resource Descriptors
  - Add, delete, and view resource descriptors.
- Resource Instances
  - View resource instances.
- Resource Manager Drivers
  - Add, delete, and view resource drivers.
- Resource Packages
  - Onboard and delete resource packages that work with resource drivers.
- Security Administration
  - Add, update, delete, and view secrets.
- Site Planner Administration
  - Complete administration tasks for the Site Planner component.
- Site Planner Editing
  - Add, update, delete, and view all Site Planner objects.
- Site Planner Viewing
  - View all Site Planner objects.
- Site Planner Automation Contexts
  - Update and view all Site Planner automation contexts, and trigger automation build or teardown requests on infrastructure objects.
- Site Planner Infrastructure
  - Update and view all Site Planner infrastructure objects.
- Site Planner Managed Entities
  - Update and view all Site Planner managed entities, and trigger automation build or teardown requests on managed entities.
- System Administration
  - Update and view assembly instances, resource managers, deployment locations, credentials, and subscription objects. Access and monitor operational metrics in the Grafana UI.
- Virtual network function subscriptions
  - Add, update, and view all virtual network function (VNF) subscriptions.