Update an RBAC Role

Before you begin

• You are an Organization or Tenant Admin within CD-as-a-Service.
• You have read Role-Based Access Control.

How to update a role

Perform the following to update a role or roles:

1. Update the existing role(s) in your RBAC config file.

2. Log into the CLI and apply the changes:

      armory login
      armory config apply -f <path-to-rbac-config>.yml

For example, you created the following roles:

roles:
  - name: Tenant Admin
    tenant: main
    grants:
      - type: api
        resource: tenant
        permission: full
  - name: Deployer
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full
  - name: Tester
    grants:
      - type: api
        resource: deployment
        permission: full

You notice that the Tester role has no tenant defined, which means the role is organization-wide. Update your config file to add the tenant:

roles:
  - name: Tenant Admin
    tenant: main
    grants:
      - type: api
        resource: tenant
        permission: full
  - name: Deployer
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full
  - name: Tester
    tenant: main
    grants:
      - type: api
        resource: deployment
        permission: full

Execute armory config apply -f <path-to-rbac-config>.yml to apply your changes.

You can check that you updated your role correctly by running armory config get.

The role name is case insensitive. “DeployM2m” is the same as “DeployM2M”, so if you want to change capitalization in a role name, you must delete the role and add a new role with the name’s corrected capitalization.

What’s next

• RBAC

  • Delete an RBAC Role

• User Role Management

  • Manage a User's RBAC Role
  • Create and Manage RBAC Roles
• Troubleshoot Role-Based Access Control

Last modified October 27, 2022: (a80a18d5)