HCP Vault Dedicated permissions
The following table lists HCP Vault Dedicated permissions based on Role-Based Access Control (RBAC).
HCP Vault Dedicated Permissions | Viewer | Contributor | Admin |
---|---|---|---|
Access audit logs | ❌ | ❌ | ✅ |
Create, edit, delete clusters | ❌ | ✅ | ✅ |
View clusters | ✅ | ✅ | ✅ |
Create, remove snapshots | ❌ | ✅ | ✅ |
View snapshots | ✅ | ✅ | ✅ |
Generate admin tokens | ❌ | ✅ | ✅ |
Lock/unlock clusters | ❌ | ✅ | ✅ |
Cluster scaling | ❌ | ❌ | ✅ |
Performance replication | ✅ | ✅ | ❌ |
Configure HCP user permissions
For additional information on managing users, groups, and permissions in the HashiCorp Cloud Platform, review the Identity and access management documentation.
Invite users
Note
If Single Sign-On is enabled, manage the users through the configured identity providers instead. The option to manually invite users as described in this section will not be available.
- Log in to HCP Portal and choose your organization.
- Click Access Control (IAM) in the sidebar and click +Invite user.
- Enter their email address and click Add. You can repeat this step to continue adding users.
- Choose a role from the Assign role drop-down menu and click Invite. Refer to User Permissions for information about the roles you can assign.
Manage users
You can remove user access or change roles from the Users screen. You must have admin permissions to invite and manage users.
- Log in to HCP Portal and choose your organization.
- Click Access Control (IAM) in the sidebar.
- Click on a user name.
- You can perform the following actions:
  - Click Remove to delete the user from your organization.
  - Choose a new role from the Role drop-down menu.
- Click Save.
Manage permissions
Depending on their assigned roles, users have different levels of permissions to perform actions in HCP.
Note
Users at the project level inherit permissions from the organization level. For example, you can assign a user the viewer role at the organization level, and the viewer role permissions will follow the user into projects within the organization.
Project-level permissions that are more permissive are additive to the organization-level role within the project. For example, you can assign a user the viewer role at the organization level but assign the contributor role on a particular project within the organization. This effectively gives the user viewer role permissions across the organization but contributor role permissions in that particular project.
To narrow the scope of user permissions, you can set a role on the project level. To add a user to a project, you have to invite the user to the organization first.
- Select the target project.
- Click Access Control (IAM) in the sidebar.
- Select the username.
- From the Role drop-down menu, choose a project-level role to assign to the user. Refer to the project role tables for information about the roles you can assign.
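The inheritance note above can be checked mechanically during an access review. The following is an added example, not HashiCorp code: it models "additive" as the union of the two roles' rows from the table on this page (an assumption), and the function names, the `SENSITIVE` set, and the sample users and projects are constructed for illustration.

```python
# Role/permission matrix copied from the table on this page.
_VIEW = {"view clusters", "view snapshots"}
_MANAGE = _VIEW | {"create, edit, delete clusters", "create, remove snapshots",
                   "generate admin tokens", "lock/unlock clusters"}
ROLE_PERMISSIONS = {
    "viewer": _VIEW | {"performance replication"},
    "contributor": _MANAGE | {"performance replication"},
    "admin": _MANAGE | {"access audit logs", "cluster scaling"},
}
# Permissions flagged for review; this selection is a choice made for the example.
SENSITIVE = {"generate admin tokens", "access audit logs"}


def effective_permissions(org_role, project_role=None):
    """Permissions inside one project: the organization-level role plus any
    project-level role. Assumption: "additive" means a set union of the rows."""
    perms = set(ROLE_PERMISSIONS[org_role])
    if project_role is not None:
        perms |= ROLE_PERMISSIONS[project_role]
    return perms


def audit(org_roles, project_roles):
    """Return sorted (user, project, permission) findings where a project-level
    role grants a sensitive permission the organization-level role lacks."""
    findings = []
    for (user, project), role in project_roles.items():
        if user not in org_roles:
            # The page requires an organization invite before project access.
            raise KeyError(f"{user} has no organization-level role")
        baseline = ROLE_PERMISSIONS[org_roles[user]]
        gained = effective_permissions(org_roles[user], role) - baseline
        findings += [(user, project, p) for p in sorted(gained & SENSITIVE)]
    return sorted(findings)


# Constructed sample bindings (not real users or projects).
ORG_ROLES = {"alice@example.com": "viewer", "bob@example.com": "contributor",
             "carol@example.com": "viewer"}
PROJECT_ROLES = {("alice@example.com", "payments"): "contributor",
                 ("bob@example.com", "payments"): "admin",
                 ("carol@example.com", "sandbox"): "viewer"}

if __name__ == "__main__":
    for user, project, perm in audit(ORG_ROLES, PROJECT_ROLES):
        print(f"{user} in {project}: project role adds '{perm}'")
```

Each finding is a project-level elevation that an organization-level review alone would miss, so the Users screen for the organization and each project's Access Control (IAM) page both need to be covered in a review.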