# Role Management

## 2.1. Role Management

### 2.1.1. Role Overview

* **Role**: The user's role within the organization, which defines the actions the user is permitted to perform.
* Currently, FPT IAM supports two basic roles: **Super Admin** and **Readonly**. Users can also create Custom Roles with customizable permissions.

### 2.1.2. View role list

You can view and manage the list of created roles on the Roles management page.

To open **Roles Management**, follow these steps:

* On the FPT Portal, under IAM, select Roles. The system will display a list including both Basic Roles and Custom Roles with the following information:
  * Name, Type (of role), Description, Status, Created at.
  * **Number of groups**: the number of groups currently assigned to the role
  * **Actions**: Delete, Edit Basic Information, Edit Permissions

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FlAuScZvimUOs6WlUil9i%2Funknown.png?alt=media&#x26;token=4c1bbc66-9b9a-41d1-902e-8c899338b109" alt=""><figcaption></figcaption></figure>

### 2.1.3. Create and assign permissions to roles

To create a new Custom Role, follow these steps:

{% stepper %}
{% step %}
In the menu, select **IAM > Roles**, then choose Create Role.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2Flp357vX0lNQINEG7RYL0%2Funknown.png?alt=media&#x26;token=86ae7b82-6b5c-4f10-9d88-353650c4325d" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
On the **Create role** page, enter the required information:

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FYKfF3WVChTWUBqzX4jgE%2Funknown.png?alt=media&#x26;token=066c4cb0-5185-4c92-81ee-fc540cd95a07" alt=""><figcaption></figcaption></figure>

* **Name**: Choose a name for the role. This field is required. Names are limited to 100 characters, may contain only letters, numbers, underscores, hyphens, spaces, and dots, and cannot be duplicated.
* **Description**: Describe the role. This field is optional.
* **Permissions**: consists of 3 components:
  * **Service type to be granted permissions**: list of services on the system (compute, storage, networking, etc.)
  * **Action**: Actions of the feature filtered by service type (e.g., Create Instance, Edit Instance, Delete Instance, etc.)
  * **Resource**: resources that the authorized user can interact with

{% endstep %}

{% step %}
Select **Service type**

The user clicks on the dropdown list to select the service type.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FXoTYzofxL7XS5lg8Ne3N%2Funknown.png?alt=media&#x26;token=14bcfb2b-0ee0-4b63-bfa8-a01879461aee" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Select **Action**

* After the user selects the service type, the system will display a list of actions for that service.
* The user selects an action to assign permissions.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2F2dXRi5hnMPcDoYc7BKPX%2Funknown.png?alt=media&#x26;token=f4b9915c-8332-448b-a086-9c604583ec0a" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Select the resource the user is authorized to act on. There are two options:

* **All**: grant permissions for all resources on the tenant (all Projects and VPCs belonging to the tenant)

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2Fhmj0VjjXuckFNDoyFIFU%2Funknown.png?alt=media&#x26;token=7e8ea08e-72ff-4471-bacd-eab34a9dc241" alt=""><figcaption></figcaption></figure>

* **Specific**: grant permissions to specific resources

  * For virtual machine services: users can assign permissions to individual virtual machines

  <figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FX4w1hcXe53xFg5ZZjcyc%2Funknown.png?alt=media&#x26;token=fb2b09a9-7c42-4855-96c8-9982b9511926" alt=""><figcaption></figcaption></figure>

  * For other services: users can grant permissions at the Project or VPC level

  <figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2Fa19w78mlhLlU3oQcz2Tq%2Funknown.png?alt=media&#x26;token=f54432dc-b004-407b-946c-45ebc5ea06e5" alt=""><figcaption></figcaption></figure>

{% endstep %}

{% step %}
Select **Create**. The system will create the role and display the result.
{% endstep %}
{% endstepper %}
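A pre-creation review of planned Custom Roles against the rules in 2.1.3, as an added example that is not FPT IAM code or an FPT IAM API. The dict layout, the function names, the ASCII-only reading of "letters", the exact-match duplicate check and the sample roles are assumptions made for illustration.

```python
import re

# Name rule from the page: required, up to 100 characters, only letters, numbers,
# underscores, hyphens, spaces and dots. ASCII-only letters are an assumption.
NAME_RE = re.compile(r"[A-Za-z0-9_\-. ]{1,100}")

def review_role(role, existing_names=()):
    """Return review findings for one planned Custom Role (hypothetical dict layout)."""
    findings = []
    name = role.get("name", "")
    if not name.strip() or not NAME_RE.fullmatch(name):
        findings.append("name: violates the length or character rule")
    if name in existing_names:  # exact-match comparison is an assumption
        findings.append("name: duplicates an existing role")
    permissions = role.get("permissions", [])
    if not permissions:
        findings.append("permissions: none defined")
    for i, perm in enumerate(permissions):
        missing = [k for k in ("service", "action", "resource") if not perm.get(k)]
        if missing:
            findings.append(f"permissions[{i}]: missing {', '.join(missing)}")
        elif perm["resource"] == "All":
            # "All" covers every Project and VPC belonging to the tenant.
            findings.append(f"permissions[{i}]: {perm['action']} is tenant-wide, "
                            "justify it or narrow to Specific")
        elif not isinstance(perm["resource"], list):
            findings.append(f"permissions[{i}]: resource must be 'All' or a list")
    return findings

# Constructed sample plans; the resource identifier is a placeholder.
PLANNED = [
    {"name": "vm-operator.dev", "description": "Edit dev VMs only",
     "permissions": [{"service": "compute", "action": "Edit Instance",
                      "resource": ["vm-example-01"]}]},
    {"name": "compute/admin",
     "permissions": [{"service": "compute", "action": "Delete Instance",
                      "resource": "All"}]},
]

def review_all(roles, existing_names=("Super Admin", "Readonly")):
    """Review each planned role, also catching duplicates within the plan itself."""
    seen, report = set(existing_names), {}
    for role in roles:
        report[role.get("name", "")] = review_role(role, seen)
        seen.add(role.get("name", ""))
    return report

if __name__ == "__main__":
    for name, findings in review_all(PLANNED).items():
        print(name, "->", findings or "ok")
```
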

### 2.1.4. View Role Details

{% stepper %}
{% step %}
In the menu, select **IAM > Roles**, and the system will display the Role Management page.
{% endstep %}

{% step %}
Select the role whose information you want to view from the list. The system will display the Name, Description, and Permissions list for the role.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FRVJzelf3jOymMuY27wGB%2Funknown.png?alt=media&#x26;token=de4c71fb-f7af-4ced-b8fc-06d47b156af3" alt=""><figcaption></figcaption></figure>
{% endstep %}
{% endstepper %}

### 2.1.5. Edit Role & Permissions

You can change the information and permissions of Custom Roles by following these steps.

{% stepper %}
{% step %}
In the menu, select **IAM > Roles**. The system will display the Role Management page.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FPWeOaCTf1pZBLkLUskrg%2Funknown.png?alt=media&#x26;token=b7adc881-c195-4500-997e-5a96ddb1def7" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Select **Action** at the end of the Custom Role you want to update from the list.

Select Edit Basic Information or Edit Permissions.
{% endstep %}

{% step %}
Change the Role information

* Edit Basic Information

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2Fu0pvwTr6UMtbZSyfp7rh%2Funknown.png?alt=media&#x26;token=54787d28-b38e-4258-a151-3c789235d529" alt=""><figcaption></figcaption></figure>

* Edit Permissions

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FMZ7Oa6S8RDcKoNPskh7q%2Funknown.png?alt=media&#x26;token=45b744a0-0e37-4916-8cac-3a7ad6769e6f" alt=""><figcaption></figcaption></figure>

**Note: When a role changes, it will affect the access rights of all Users in the User Groups assigned that role.**
{% endstep %}
{% endstepper %}

### 2.1.6. Deleting Roles

For Custom Roles that are no longer needed, you can delete them by following these instructions:

{% stepper %}
{% step %}
In the menu, select **IAM > Roles**, and the system will display the Role Management page.
{% endstep %}

{% step %}
Select **Action** at the end of the Custom Role you want to delete from the list. Select **Delete**.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FTxkM5SiwPATwveNn8SVe%2Funknown.png?alt=media&#x26;token=7955d2f0-4cde-46a4-98a2-17cd462aa5c0" alt=""><figcaption></figcaption></figure>
{% endstep %}

{% step %}
Confirm the warning information in the popup and select **Delete**.

<figure><img src="https://2158065032-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2F2FDB5fvsiFxYI972UDTv%2Fuploads%2FibYaxUIzWmThCh0hkGfi%2Funknown.png?alt=media&#x26;token=7cbd4d0b-21ca-467e-9382-8ca1affae46e" alt=""><figcaption></figcaption></figure>

**Note: You can only delete a Role from the system if it is not currently associated with any User Group.**
{% endstep %}
{% endstepper %}
