Role-based access control (RBAC) is a method of regulating access to computer or network resources based on the roles of individual users within your organization. Telco Cloud Automation defines three privileges to access the workflows.
- Workflow Read: The user can view the workflow instances using this privilege.
- Workflow Design: The user can design a workflow using this privilege.
- Workflow Execute: The user can execute a workflow using this privilege.
Note: If the context of the workflow execution is not "none", the user needs NF/NS LCM permission to run workflows on the concrete NF/NS instance. The user may need more permissions based on the step input values of certain steps.
Telco Cloud Automation has two built-in default roles:
- Workflow Designer: The user can read and design the workflows using this role.
- Workflow Executor: The user can read and execute the workflows using this role.
Uses of Role-Based Access Control for Workflows
- The users can design or execute any workflow using the built-in roles.
- You can restrict the roles of a user with advanced filters.
- You can use the name of the workflow to limit the permission to only access a specified set of workflows.
- You can always access the workflows you have created.
- If you want to prevent a user from accessing any workflow instance, define an advanced filter that uses a random name as the designator.
- You can grant a user access to an embedded workflow instance with the Workflow Read privilege, or the user can inherit it from having access to the catalog entry. This means that access to a catalog entry gives the user implicit access to all the workflows embedded in that catalog entry.
- The workflow execution creator and system administrator can access the workflows.
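The rules above interact in ways that matter when you audit effective access, so the following added example models them as a small decision function. It is not Telco Cloud Automation code or its API: the `User` and `Workflow` classes, the `allowed` function, the exact-name filter model, and the choices that creator access covers every action and that the system administrator is unrestricted are all assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Optional

# Built-in roles and the privileges this page lists for them.
ROLES = {
    "Workflow Designer": {"read", "design"},
    "Workflow Executor": {"read", "execute"},
}

@dataclass
class Workflow:
    name: str
    creator: str
    catalog_entry: Optional[str] = None  # set when embedded in a catalog entry
    context: str = "none"                # NF/NS instance id, or "none"

@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)
    name_filter: Optional[set] = None    # assumed model: allowed names; None = no filter
    catalog_entries: set = field(default_factory=set)  # catalog entries the user can access
    lcm_instances: set = field(default_factory=set)    # NF/NS instances with LCM permission
    is_admin: bool = False

def allowed(user: User, wf: Workflow, action: str) -> bool:
    """Return True if user may perform action (read/design/execute) on wf."""
    if user.is_admin:  # assumption: the system administrator is unrestricted
        return True
    # Running against a concrete NF/NS instance also needs LCM permission on it.
    if action == "execute" and wf.context != "none" and wf.context not in user.lcm_instances:
        return False
    if wf.creator == user.name:  # assumption: creator access covers every action
        return True
    # Implicit read: access to a catalog entry exposes its embedded workflows.
    if action == "read" and wf.catalog_entry in user.catalog_entries:
        return True
    privileges = set().union(*(ROLES[r] for r in user.roles))
    in_scope = user.name_filter is None or wf.name in user.name_filter
    return action in privileges and in_scope

if __name__ == "__main__":
    # Constructed sample: an executor locked out by a filter that matches nothing,
    # who still holds access to catalog entry "cat-1".
    carol = User("carol", {"Workflow Executor"}, {"zz-no-such-workflow"}, {"cat-1"})
    embedded = Workflow("heal-vnf", creator="bob", catalog_entry="cat-1", context="nf-42")
    for act in ("read", "design", "execute"):
        print(act, allowed(carol, embedded, act))
```

In this model the lock-out filter does not remove the read access that comes with the catalog entry, which is why catalog permissions belong in any review of who can see a workflow.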