Skip to content

Managing roles

Roles provides a way to limit the tasks that can be performed by a user and within groups. For example, a user might have the role SLCProgrammer that allows users to create and edit program. The user might also be a member of a Programmer group that has the role AllProgramming enabling users to create, edit, or delete programs.

Altair SLC Hub provides predefined roles, such as User, BatchJobUser and PipelineDeveloper, that can be assigned to groups and users. These roles can be edited if required. You can also create roles that can be applied to groups and users. See the Altair SLC Hub Reference Guide for information on the predefined roles.

You can list the roles currently available as follows:

hubcli role list

The list returned provides the role name, date created and date modified. You can limit the number of roles returned in various ways; for example, filtering by creation date, or skipping a defined number of lines at the beginning of the line.

Defining a role for a group or user

Roles are managed using the hubcli role command.

To specify a role for group, you use the hucli role binding command. For example:

hubcli role binding add --group group1 --role ArtifactDeveloper

This adds the role ArtifactDeveloper to the group group1.

To specify a role for a user:

hubcli role binding add --user user1 --role ArtifactDeveloper

This adds the role ArtifactDeveloper to the user group1.

ArtifactDeveloper is a predefined role provided by Altair SLC Hub. You can also create your own roles.

Creating a role

Altair SLC Hub provides predefined roles that can be used to define the tasks that can be performed by users. You might, however, want to create your own roles. You can do this using the hucli role create command. For example:

hubcli role create ProgUser

This creates a new role prog that could be used when specifying a role for a group. For example:

hubcli role binding add --group group1 --role ProgUser

This adds the role ProgUser to the group group1.

The role has no permissions, however. To create permissions, you would have used a command similar to the following:

hubcli role create --object "/Artifacts" --actions read,write ProgUser

This creates the role ProgUser with permissions to read and write to the object /Artifacts.

Modifying a role

You can modify roles. You might, for example, want to rename a role, or change the objects and actions associates with a role. You can modify a role using the hubcli role modify command. For example:

hubcli role modify --object "/Artifacts" --resetPermissions --actions update --name ProgUserLtd ProgUser

This command modifies the the role ProgUser. The --resetPermissions argument is used to reset the the actions and objects already defined for the role; any previous object is removed, and the new object Artifacts with the update action.

If you had not specified --resetPermissions, and the object /Artifacts was already defined for the role, then the the action update1 would have been added to any existing actions. If the object specified was not already defined for the role, then the object would have been added to the object list with the specified action; for example:

hubcli role modify --object "/Artifacts2" --actions write ProgUserLtd

This adds the object /Artifacts2 to the list of objects defined for the role, with the action write.