Managing access

Role-based access control (RBAC) is used to grant individual users the permission to perform specific actions. Permissions are grouped into user roles, and each user is assigned at least one user role.

By using permissions, you give users appropriate levels of access and capability. For example, you can use permissions to allow users to:
  • Grant password reset tokens to other users who have forgotten their passwords.
  • Edit a local user’s metadata.
  • Deploy Puppet code to specific environments.
  • Edit class parameters in a node group.

You can do access control tasks in the console or with the RBAC API.