Delete an RBAC Role

Before you begin

• You are an Organization or Tenant Admin within CD-as-a-Service.
• You have read Role-Based Access Control.

How to delete a role

Perform the following to delete a role or roles:

1. Add allowAutoDelete: true to the top of your RBAC config file.

2. Remove the role(s) from your RBAC config file.

3. Log into the CLI and apply the changes:

      armory login
      armory config apply -f <path-to-rbac-config>.yml

For example, you have a config file with the following roles:

roles:
  - name: Tenant Admin
    tenant: main
    grants:
      - type: api
        resource: tenant
        permission: full
  - name: Deployer
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full
  - name: Tester
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full

You want to delete the Tester role. Update your config file by adding autodelete: true to the top and removing the Tester role entry:

allowAutoDelete: true
roles:
  - name: Tenant Admin
    tenant: main
    grants:
      - type: api
        resource: tenant
        permission: full
  - name: Deployer
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full

Execute armory config apply -f <path-to-rbac-config>.yml to apply your changes.

You can check that you deleted your role by running armory config get.

When you delete a role, that role is removed from existing users. You can accidentally remove the ability for your users to perform actions within CD-as-a-Service. A user with no role can still log into the UI but only sees a blank Deployments screen:

What’s next

• User Role Management

  • Manage a User's RBAC Role
  • Create and Manage RBAC Roles
• Troubleshoot Role-Based Access Control

Last modified October 27, 2022: (a80a18d5)