Use Role Based Access Control (RBAC)
Previous section: Learn about Role Based Access Control (RBAC)
The account owner implements Role Based Access Control (RBAC) by adding users to the account and assigning roles. This article is intended to guide account owners through this process by using the Cloud Control Panel.
For information about setting up RBAC through the API, see the Rackspace Identity API Guide.
Note: It is possible to assign a mix of multiple-product roles and per-product roles to one user through the API. The most permissive role determines the user’s level of access.
Rackspace recommends that you change the account password and secret question before adding new users to the account.
When new users are created, a temporary password is assigned to them. They should change the temporary password at their first login.
Also, new users must be informed that they have been added to the account. Rackspace does not notify them automatically. You can use the following text to notify your users:
Your access to this account has changed. You have been added as a new user, and you must update your credentials (password and secret question) as soon as possible. See name for your temporary access information.
Create new users
To create a new user, use the following steps:
- Log in to the Cloud Control Panel.
- In the upper-right corner of the control panel, click Account > User Management.
- On the User Management page, click Create User.
Enter information in the User Information section.
Note: The username must be unique. You can’t recover the username of a deleted user.
Select a Contact Type to assign to the user. RBAC has the following contact types:
These contact types are for reference only. They do not affect the user’s permissions.
In the Secret Question and Answer section, enter a Question and an Answer.
In the Rackspace Account Permissions section, you can either assign the user the Account Administrator role, or assign roles for the Billing and Payments area and the Support Tickets area separately.
To assign a user the account administrator role, click the toggle button next to Account Administrator.
Alternatively, to assign different permissions for different areas, scroll to the Area section and select the permission that you want to assign from the drop-down menu to the right of each area.
Optionally, in the Product Permissions section, assign product permissions to the user. Click the tab for a product, and then select from the permission options.
The Rackspace Cloud tab enables you to assign either global permissions for all Rackspace Cloud products, or per-product custom roles.
Note: For optimal product interaction, see the “Suggested role configurations” section of this article.
To assign per-product custom roles, choose Custom (Per Product Access) under Product Access. A list of Rackspace Cloud products appears. The default role for each product is No Access. To change the default value, select either Admin (View, Create, Edit, Delete) or Observer (View Only) from the drop-down menu for the product.
Note: Depending on the roles assigned, the Control Panel view is different for each user.
When you are finished, scroll to the bottom and click Create User.
Note: After a user is assigned a custom role, that custom role cannot be modified. However, if the user is later assigned the account administrator role at the account level, that action overwrites all product-level custom roles. For more information, see Known issues and suggested workarounds for RBAC.
Suggested role configurations
Rackspace recommends the following custom role configurations for optimal product interaction.
|Cloud Load Balancers||
A user has been assigned any Cloud Load Balancers role.
In Cloud Servers, give the user the Observer role (minimum action).
|Cloud Load Balancers||A user wants to add a node by using the Nodes > Add Cloud Servers option in the Cloud Control Panel.||The user has been assigned any Cloud Load Balancers role.||In Cloud Servers, give the user any role.|
A user wants to create a backup in Cloud Databases.
In Cloud Files, give the user the Admin role.
Rackspace customers with multiple accounts
Rackspace customers with more than one account might want to allow the same user to access each account. In this situation, the account owner must configure that user with a different username for each account. The following graphic illustrates this scenario.
©2019 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License