Administrators use roles to fine-tune authorization in the Wavefront environment:
- Create one or more roles and assign one or more permissions to each role.
- Create one or more groups and add one or more accounts to each group. Accounts can be user accounts or service accounts.
- Assign one or more roles to each group. It’s also possible to assign a role to individual users.
In addition to the global roles and permissions model, Wavefront also supports access control for individual objects. For example, administrators can limit access to a sensitive dashboard.
Manage Roles and Permissions
The Wavefront roles and permissions model allows you to make sure nobody can perform tasks without the corresponding permission, and this doc set lists the required permissions for most tasks.
Creating roles and assigning them to groups of users is the most efficient and least error-prone approach. It’s possible to grant permissions or assign a role to an individual account, which might make sense during a proof of concept (POC).
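An added example (not from the Wavefront documentation or product) that models the roles, groups and explicit grants described above, then reports which grants bypass groups and which accounts hold the Accounts, Groups & Roles permission. The inventory layout, the account, group and role names, the sample permission names, and the assumption that grants are additive are all constructed for illustration.

```python
# Constructed inventory: the dict layout and every name except the
# "Accounts, Groups & Roles" permission are assumptions for illustration.
ADMIN_PERM = "Accounts, Groups & Roles"

ROLES = {
    "viewer": {"Dashboards"},
    "operator": {"Dashboards", "Alerts"},
    "iam-admin": {ADMIN_PERM},
}
GROUPS = {
    "sre": {"members": {"alice", "sa::collector"}, "roles": {"operator"}},
    "platform-admins": {"members": {"bob"}, "roles": {"iam-admin"}},
}
ACCOUNTS = {
    "alice": {"roles": set(), "permissions": set()},
    "bob": {"roles": set(), "permissions": set()},
    "carol": {"roles": {"viewer"}, "permissions": {ADMIN_PERM}},  # POC leftover
    "sa::collector": {"roles": set(), "permissions": {"Direct Data Ingestion"}},
}


def effective_permissions(account):
    """Map each permission to its sources, assuming grants are additive."""
    entry, sources = ACCOUNTS[account], {}
    grants = [("explicit", entry["permissions"])]
    grants += [(f"role:{r}", ROLES[r]) for r in entry["roles"]]
    for gname, group in GROUPS.items():
        if account in group["members"]:
            grants += [(f"group:{gname}/role:{r}", ROLES[r]) for r in group["roles"]]
    for src, perms in grants:
        for perm in perms:
            sources.setdefault(perm, set()).add(src)
    return sources


def audit():
    """Report grants that bypass groups and every holder of ADMIN_PERM."""
    findings = []
    for account in sorted(ACCOUNTS):
        for perm, srcs in sorted(effective_permissions(account).items()):
            direct = sorted(s for s in srcs if not s.startswith("group:"))
            if direct:
                findings.append((account, perm, "direct", direct))
            if perm == ADMIN_PERM:
                findings.append((account, perm, "can-manage-roles", sorted(srcs)))
    return findings
```

Each finding is a tuple of account, permission, finding type and the grant sources, so a reviewer can see whether access comes from a group or from a per-account grant.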
Create a Role
All users with Accounts, Groups & Roles permission can create roles.
To create a role:
Create a Group
All users with Accounts, Groups & Roles permission can create groups and add members and roles to the group. You can’t assign permissions to groups.
To create a group:
Assign a Role to a Group
Users with Accounts, Groups & Roles permission can assign roles when they create a group, or can add and remove roles later.
To assign a role to a group:
Grant or Revoke Account Permissions Explicitly
Assigning a role to a group of users is more efficient and leaves less room for error than granting or revoking account permissions or assigning a role to an account. We support those two ways of managing permissions in part for compatibility.
The process of granting permissions is the same for users and for service accounts.
You can grant a service account permissions when you create it or add permissions later from the Service Accounts / Users page or from the Edit Service Account / Edit User page.
The following example shows this for service accounts.
To grant or revoke permissions from the Service Accounts page:
To grant or revoke permissions from the Edit Service Account page: