Default OCP roles

2023-08-22 02:46:05  Updated

This topic describes the default roles of OceanBase Cloud Platform (OCP) and their permissions.

Default OCP roles are built-in roles and cannot be deleted or edited.

The following table describes all default OCP roles:

| Role | Description | Permission |
| --- | --- | --- |
| ADMIN | The system administrator role in OCP. This role has the maximum permissions in OCP. | `**` |
| ALARM_MANAGER | The management role for alerts in OCP. This role has management permissions to alerts and subscriptions and read-only permissions to the associated resources, including clusters, tenants, hosts, and users. | `ALARM:READ` `CLUSTER:*:READ` `TENANT:*:READ` `HOST:*:READ` `USER:*:READ` |
| ALARM_VIEWER | The read-only role for alerts in OCP. This role has read-only permissions on alerts, subscriptions, and the associated resources, such as clusters, tenants, hosts, and users. | `ALARM:*:READ` `CLUSTER:*:READ` `TENANT:*:READ` `HOST:*:READ` `USER:*:READ` |
| AUDIT_VIEWER | This role has permissions to view the OCP audit history, all historical audit events, and the user names and user IDs of all operators. | `AUDIT:*:READ` |
| BACKUP_MANAGER | The management role for cluster backup and recovery. This role has permissions to manage the backup and recovery of all clusters and tenants managed by OCP, read-only permissions on hosts and alerts, and management permissions on tasks and software packages. If you want to add a host, you must have the host_manager role in addition. | `CLUSTER:*:BACKUP:*:*` `CLUSTER:*:READ` `CLUSTER:*:TENANT:*:READ` `HOST:*:READ` `ALARM:*:READ` `TASK:*:*` `PACKAGE:*:*` |
| CLUSTER_MANAGER | The management role for clusters. This role has permissions to manage all OceanBase clusters and OBProxy clusters managed by OCP and the resources associated with these clusters, such as hosts, background tasks, alerts, and software packages, and read-only permissions on users, which are a type of resource indirectly associated with the clusters. | `CLUSTER:*:*` `HOST:*:*` `TASK:*:*` `ALARM:*:*` `USER:*:READ` `PACKAGE:*:*` `OBPROXY:*:*` |
| CLUSTER_VIEWER | The read-only role for clusters. This role has read-only permissions on all OceanBase clusters and OBProxy clusters managed by OCP and the resources associated with these clusters, such as hosts, background tasks, alerts, and software packages. | `CLUSTER:*:READ` `HOST:*:READ` `TASK:*:READ` `ALARM:*:READ` `PACKAGE:*:READ` `OBPROXY:*:READ` |
| HOST_MANAGER | The OCP host management role has the permission to manage all hosts and the resources (software packages) associated with these hosts. | `HOST:*:*` `PACKAGE:*:*` |
| HOST_VIEWER | The OCP host read-only role has the permission to view all hosts and the resources (software packages) associated with these hosts. | `HOST:*:READ` `PACKAGE:*:READ` |
| INSPECTION_MANAGER | The inspection manager role has the permission to read and write inspection rules and scripts, and to execute inspection rules. | `INSPECTION:*:*` |
| OBPROXY_MANAGER | The management role for OBProxy. This role has the read-only permission for all OBProxy clusters and associated resources, and hosts, and the permission to manage software packages. | `OBPROXY:*:*` `PACKAGE:*:*` `CLUSTER:*:READ` `HOST:*:READ` |
| OBPROXY_VIEWER | The read-only role for OBProxy. This role has the read-only permission for all OBProxy clusters that OCP manages and the resources associated, such as clusters, hosts, and software packages. | `OBPROXY:*:READ` `PACKAGE:*:READ` `CLUSTER:*:READ` `HOST:*:READ` |
| PACKAGE_MANAGER | The role for management of software packages. | `PACKAGE:*:*` |
| PACKAGE_VIEWER | The role has read-only permission for software packages. | `PACKAGE:*:READ` |
| PROFILE | The personal profile role for OCP users. Removal of this basic user permission may result in read-only permission for all other modules. This role is used for logon and access to User Center. | `PROFILE:*:*` |
| PROPERTY_MANAGER | The management role for the parameters in the system configuration of OCP. | `PROPERTY:*:*` |
| ROLE_MANAGER | This role manages OCP roles. | `ROLE:*:*` |
| TASK_MANAGER | The management role for background tasks in OCP. | `TASK:*:*` |
| TENANT_MANAGER | The management role for tenants. This role has permissions to manage all the OceanBase tenants managed by OCP and read-only permissions on resources associated with the tenants, such as OceanBase clusters, hosts of OBProxy clusters, background tasks, and alerts. | `CLUSTER:*:TENANT:*:*` `CLUSTER:*:READ` `HOST:*:READ` `TASK:*:READ` `ALARM:*:READ` `OBPROXY:*:READ` |
| TENANT_VIEWER | The read-only role for tenants. This role has read-only permissions on all OceanBase tenants managed by OCP and the resources associated with the tenants, such as OceanBase clusters, OBProxy clusters, hosts, background tasks, and alerts. | `CLUSTER:*:TENANT:*:READ` `CLUSTER:*:READ` `HOST:*:READ` `TASK:*:READ` `ALARM:*:READ` `OBPROXY:*:READ` |
| USER_MANAGER | The role that manages OCP users. | `USER:*:*` `ROLE:*:READ` |
