Types of Roles in CNC Console
ADMIN Level:
NF Level:
In CNCC, RBAC is controlled by third-party Identity Access Management (IAM) provider called Keycloak. Roles related to CNCC applications are defined in IAM.
Roles are predefined for CNCC application.
Roles are categorized into 2 levels.
-
ADMIN
-
NF
Role: ADMIN
User having this role has access to all resources (NF resources) within CNCC application.
Allowed Operations: CREATE, READ, UPDATE, DELETE
NFs: All NFs that is supported by CNCC application.
Composite Roles: All NF Level roles.
Example: If user has ADMIN then:
- Can read, create, update, or delete any MOs configurations of any NFs that is supported by CNCC application.
NF level roles are divided further into:
-
<NF>_READ
-
<NF>_WRITE
Note:
<NF> is placeholder. Say for example, if CNCC supports PCF and SCP NFs then, PCF_READ, PCF_WRITE, SCP_READ and SCP_WRITE roles would be defined for CNCC application in IAM.Role: <NF>_READ
User having this role can only read configurations from all Managed Objects (MOs) within particular NF.
Allowed Operations: READ
NFs: One particular NF.
Composite Roles: No roles.
Example: If user has PCF_READ then :
-
Can only read configurations of any MOs configurations within the NF.
-
Cannot write/update/delete any record.
Role: <NF>_WRITE
User having this role has access one particular NF and can perform CRUD operations.
Allowed Operations: CREATE, READ, UPDATE, DELETE
NFs: One particular NF.
Composite Roles: <NF>_READ role.
Example: If user has PCF_WRITE then:
-
Can read/write/update/delete any MOs configurations within the NF.
