Roles determine the level of access a user has within Anaconda Server. Some preconfigured roles have been embedded into Keycloak to provide users with varying levels of access to the software’s available features. If the default Anaconda roles described here do not suit your use case, you can create a custom role for your users.
Anaconda Server contains the following preconfigured roles for the Dev realm:
everyone: A non-authenticated user. Allows visibility into public channel and subchannel contents as well as group membership.
author: An authenticated user. Allows users to create new channels and subchannels, and provides user level access to your Team Notebooks server.
admin: The administrator role has full management permissions over all the features of Anaconda Server. The admin role is responsible for creating and maintaining mirrors in addition to managing users and CVE data. This role also provides admin level permissions to your Team Notebooks server.
Notebooks admin: An administrator role for the Team Notebooks server.
Notebooks author: Allows users to access the Team Notebooks server.
The admin role is not visible through Anaconda Server UI.
For Business-tier customers, Anaconda has two main user personas: IT administrators and everyone else. As an IT administrator, you are responsible for establishing and maintaining the users’ accounts and the resources available to them within Anaconda Server.
A composite role is built from other existing roles and provides the aggregated permissions of all the roles it’s composed of.In the following example, we create a composite role that allows an admin user on the master realm to manage users on the dev realm. However, you can use this same process to create admin roles with restricted access to managing other things on the dev realm.To create an admin role with restricted permissions:
Enter a name for your role and provide a brief description of its intended use.
Click Save. More tabs appear.
Open the Action dropdown menu and select Add associated roles.
If necessary, open the filter dropdown menu and select Filter by clients.To achieve the desired result of creating an admin user that can only view and manage users on the dev realm, select the following available client roles:
manage-users
query-users
view-users
Select available roles to associate their permissions with this composite role.
Default roles are permissions that are automatically applied to any newly created or imported user. Each realm has its own set of default roles that are applied to users created/imported on that realm. These are composite roles, and must be constructed of other existing roles.To set the default roles:
Any permissions that can be granted to an individual by assigning them a role can also be granted to multiple people by assigning the role to a group. This is exceptionally useful for Anaconda Server implementations that utilize an LDAP or Active Directory server.To assign roles to a group: