Roles

The Access Anywhere uses role-based access controls (RBAC) to grant or deny capabilities and access to resources based on a person's role within an organization. Used in combination with user-based permissions and access-control lists roles are a primary method of managing user access. Roles are also used to control access to certain Access Anywhere features.

Roles, like users, are managed per tenant organization. Roles (and users) can be imported from external authentication systems or added manually. External authentication systems may associate users by roles and/or by groups, both of which can be imported as Access Anywhere roles.

See also Identity and Access Management.

A user with a role of Administrator, or with a role that has “manage roles” permission can manage roles.

A user with a role of Administrator, or with a role that has “manage users” permission can assign roles to users.

Open up the configuration page:

A list of current roles is displayed. Click on the pencil to change the name of a role or it's permissions.

Only permissions relevant to enabled features in the organization are shown:

• create users - import or create users
• manage users - change user roles and permissions
• manage roles
• change default Team Cloud (Storage Provider)
• manage Team Clouds (Storage Providers)
• manage Team Trash
• manage auth systems
• manage Team Folders
• view Audit Event Logs
• manage versions - enabled if “hide versions” is on.
• recover files
• review Content Discovery
• approve files

If you will be using roles or groups from your identity service you will need to import them first. Leave the two default roles, (“Administrator”, “Member”) and select “Choose what roles to import”.

On the next page, you can enter a partial or full name in the “Role:” field to use as a filter before clicking “Get roles”

I chose to filter on “gs_” and can select all for import.

This process can be done many times until all desired groups are imported.

If you are doing this without importing, simply click Add new role and add the different roles you need to provide adequate segregation for your users.