What are Permission Roles?
Kion's permission system has multiple layers of control for flexibility in assigning permissions. This system relies on permissions, permission roles, and permission schemes.
Permission roles represent a functional role, such as Admin or Default user, that will be assigned individual permissions using one or more permission schemes.
A permission role can be used in multiple permission schemes for multiple objects.
Default Roles
Kion provides out-of-the-box default roles that make it easier to setup and onboard users for common personas. Default roles include recommended permissions for that role. By default, the system provides the following roles:
- Admin: Assigned all permissions
- Default User: Several "Browse" permissions, with added ability to submit project requests and generate API keys
- FinOps: Several "Browse" permissions, with added ability to manage financial features like funding sources, budgets, and enforcements
- Read-only/Auditor: Only assigned "Browse" permissions
- Security/Compliance: Permissions to manage Cloud Rules, Cloud Access Roles, and Compliance features
- Power User: Several "Browse" permissions, with ability to submit exemptions
System Managed roles are continuously synchronized. Assigned users will automatically receive any new permissions added to the system managed role.
When a system-managed role is cloned, the resulting role will be user-managed. Unlike the original, it won’t automatically receive permission updates, and assigned users won’t automatically receive new permissions like the original system-managed role.
What Next?