Creating and Updating User Roles¶
If the pre-defined roles delivered with UForge do not match with the permissions you want to allow users, you can either create a new role or modify an existing one.
To create a new role in the default organization:
$ uforge role create --name newrole --description “description of new role” -u $ADMIN -p $PASS
By default, this role will be empty (containing no entitlements). You can then add entitlements to a role by using the command:
$ uforge role entitlement add --name newrole --entitlements entitlement-name -u $ADMIN -p $PASS
You can also remove an entitlement from a role by using the command:
$ uforge role entitlement remove --name newrole --entitlements entitlement-name -u $ADMIN -p $PASS
You can add entitlements as part of the creation by using the
--entitlements option in the create command:
$ uforge role create --name newrole --description “description of new role” --entitlements entitlement-name studio_access -u $ADMIN -p $PASS
You cannot modify the “root” role.
Listing Roles Assigned to a User¶
To view the roles already assigned to a specific user, run the command:
$ uforge user role list --account <username> -u $ADMIN -p $PASS
Adding Roles to a Subscription Profile¶
If you want a group of users to have the same role, then you can add it to the subscription profile (refer to Managing Subscription Profiles). This means that all the users that are created with this subscription profile will have this role. However, this will apply only to the new users created, unless you use the option
$ uforge subscription role add --name sub --roles newrole --allusers -u $ADMIN -p $PASS
In the example above
sub is the name of the subscription profile.
Adding a Role to a User¶
Adding a specific role to a user (such as Administrator) is often only the first step in granting specific rights. You must then specify the entity (for an Administrator this would be the organization) for which the user has the newly assigned rights. See the examples later in this section.
To add a role to a user:
$ uforge user role add --account <username> --roles newrole -u $ADMIN -p $PASS
To add several roles to the same user:
$ uforge user role add --account <username> --roles role1 role2 -u $ADMIN -p $PASS
Deleting a Role from a User¶
To delete a role from a user:
$ uforge role delete --account <username> --roles roleA -u $ADMIN -p $PASS
If this is the only role assigned to a user, once deleted, the user will no longer have any roles. With no roles the user will only be able to view the UForge account and dashboard.