Types of Roles in CNC Console
In CNCC, Role Based Access Control (RBAC) is controlled by a third-party Identity Access Management (IAM) provider called Keycloak. Roles related to CNCC applications are defined in IAM.
Roles are predefined for the CNCC application.
Roles fall into two categories:
- ADMIN
- NF
Role: ADMIN
A user with this role has access to all resources (NF resources) within the CNCC application.
Allowed Operations: CREATE, READ, UPDATE, DELETE
Composite Roles: All NF Level roles.
Example: If a user has the ADMIN role, then the user can read, create, update, or delete the MO configurations of any NF that is supported by the CNCC application.
NF:
NF level roles are divided further into:
- <NF>_READ
- <NF>_WRITE
Note:
<NF> is a placeholder. For example, if CNCC supports the POLICY and SCP NFs, then the POLICY_READ, POLICY_WRITE, SCP_READ, and SCP_WRITE roles would be defined for the CNCC application in IAM.
Role: <NF>_READ
A user with this role can only read configurations from all Managed Objects (MOs) within a particular NF.
Allowed Operations: READ
NFs: One particular NF.
Composite Roles: No roles.
Example: If a user has POLICY_READ, then the user:
- Can only read the configurations of any MOs within the NF.
- Cannot write, update, or delete any record.
Role: <NF>_WRITE
A user with this role has access to one particular NF and can perform CRUD operations.
Allowed Operations: CREATE, READ, UPDATE, DELETE
NFs: One particular NF.
Composite Roles: <NF>_READ role.
Example: If a user has POLICY_WRITE, then the user can read, write, update, or delete any MO configurations within the NF.
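The following Python sketch models the role hierarchy described above: it expands composite roles and then makes a deny-by-default decision for an operation on an NF. It is an added example, not CNCC or Keycloak code; the function names are hypothetical, and the NF list (POLICY, SCP) is taken from the note's example.

```python
# Added illustration of the role model described above; not CNCC or Keycloak code.
SUPPORTED_NFS = ("POLICY", "SCP")  # assumption: the two NFs named in the note's example

READ_OPS = frozenset({"READ"})
WRITE_OPS = frozenset({"CREATE", "READ", "UPDATE", "DELETE"})


def composite_children(role):
    """Return the roles directly contained in a composite role."""
    if role == "ADMIN":
        # ADMIN is a composite of all NF-level roles.
        return {f"{nf}_{kind}" for nf in SUPPORTED_NFS for kind in ("READ", "WRITE")}
    nf, _, kind = role.rpartition("_")
    if nf in SUPPORTED_NFS and kind == "WRITE":
        return {f"{nf}_READ"}  # <NF>_WRITE contains <NF>_READ
    return set()  # <NF>_READ (and any unknown role) contains no other roles


def effective_roles(assigned):
    """Expand the assigned roles through composites until nothing new appears."""
    seen, stack = set(), list(assigned)
    while stack:
        role = stack.pop()
        if role not in seen:
            seen.add(role)
            stack.extend(composite_children(role))
    return seen


def is_allowed(assigned, nf, operation):
    """Deny by default; allow only if an effective NF-level role grants the operation."""
    if nf not in SUPPORTED_NFS:
        return False
    roles = effective_roles(assigned)
    if f"{nf}_WRITE" in roles and operation in WRITE_OPS:
        return True
    return f"{nf}_READ" in roles and operation in READ_OPS


if __name__ == "__main__":
    # Constructed sample users for demonstration.
    for user_roles in ({"POLICY_READ"}, {"POLICY_WRITE"}, {"ADMIN"}):
        print(sorted(user_roles), "->", sorted(effective_roles(user_roles)))
```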