|
| 1 | +--- |
| 2 | +description: |
| 3 | +docs: |
| 4 | +doctypes: |
| 5 | +- reference |
| 6 | +tags: |
| 7 | +- docs |
| 8 | +title: "Overview: set up custom roles" |
| 9 | +toc: true |
| 10 | +weight: 500 |
| 11 | +--- |
| 12 | + |
| 13 | +Beyond [Default roles]({{< relref "/nginx-one/rbac/roles.md" >}}), you may need to set up custom roles. For convenience, we include a list of API groups that you could use to specify permissions for custom roles. |
| 14 | + |
| 15 | +These are not NGINX One APIs. |
| 16 | + |
| 17 | +## F5 API groups for NGINX One |
| 18 | + |
| 19 | +The following table lists the **[API Groups](https://docs.cloud.f5.com/docs-v2/administration/how-tos/user-mgmt/roles)** that you can use when you create an F5 XC role. These are narrowly scoped API Groups that align with all the features and functionality within the NGINX One Console. These groups can help you create custom roles tailored to your specific needs. |
| 20 | + |
| 21 | +{{< note >}}If you create custom roles using the more granular API Groups, as new features are added to the Console your users may not have access until you add the corresponding API Groups to their roles.{{< /note >}} |
| 22 | + |
| 23 | +| API Group Name | Level of Access | Description | |
| 24 | +|-----------------------------------------|-----------------|-------------------------------------------------------------------------------------------------------------------------------| |
| 25 | +| f5xc-nginx-one-application-monitor | Read | View all features and data. | |
| 26 | +| f5xc-nginx-one-application-settings | Write | View and update settings. | |
| 27 | +| f5xc-nginx-one-application-write | Write | View and edit all features except settings. | |
| 28 | +| f5xc-nginx-one-custom-all-instances-metric-read | Read | View metrics for all Instances. Required to see the Overview dashboard. | |
| 29 | +| f5xc-nginx-one-custom-instance-list | Read | View list of all Instances. Also view summarized information such as certificate status and CVEs. | |
| 30 | +| f5xc-nginx-one-custom-all-instances-manage | Write | View and delete all Instances. | |
| 31 | +| f5xc-nginx-one-custom-instance-manage | Write | View and edit Instance details. | |
| 32 | +| f5xc-nginx-one-custom-instance-read | Read | View Instance and configuration details. | |
| 33 | +| f5xc-nginx-one-custom-certificate-manage | Write | View TSL/SSL certificate details. Create, update, and delete any managed certificates. | |
| 34 | +| f5xc-nginx-one-custom-certificate-read | Read | View TLS/SSL certificates. | |
| 35 | +| f5xc-nginx-one-custom-all-certificates-manage | Write | View all TLS/SSL certificates. Delete managed certificates. | |
| 36 | +| f5xc-nginx-one-custom-data-plane-key-manage | Write | View, create, update, and delete any Data Plane Keys. Note: The actual Data Plane Key is shown _only_ when created. | |
| 37 | +| f5xc-nginx-one-custom-data-plane-key-read | Read | View Data Plane Key Details. Note: The actual Data Plane Key is shown _only_ when created. | |
| 38 | +| f5xc-nginx-one-custom-all-data-plane-keys-manage | Write | View and delete Data Plane Keys. | |
| 39 | +| f5xc-nginx-one-custom-cve-read | Read | View NGINX CVEs. | |
| 40 | +| f5xc-nginx-one-custom-config-sync-group-manage | Write | View, create, update, and delete Config Sync Groups. | |
| 41 | +| f5xc-nginx-one-custom-config-sync-group-read | Read | View Config Sync Groups with details. | |
| 42 | +| f5xc-nginx-one-custom-all-config-sync-groups-manage | Write | View and delete Config Sync Groups. | |
| 43 | +| f5xc-nginx-one-custom-settings-manage | Write | View and update NGINX One Console Settings. | |
| 44 | +| f5xc-nginx-one-custom-settings-read | Read | View NGINX One Console Settings. | |
| 45 | +| f5xc-nginx-one-custom-event-read | Read | View NGINX One Events. | |
| 46 | +| f5xc-nginx-one-custom-ai-assistant | Write | Interact with the NGINX One AI Assistant. | |
| 47 | +| f5xc-nginx-one-custom-staged-config-manage | Write | View, create, update, and delete Staged Configs. | |
| 48 | +| f5xc-nginx-one-custom-staged-config-read | Read | View Staged Configs. | |
0 commit comments