Help Center User GuideGetting StartedFAQRelease Notes
 
X
User Guide
Getting Started
FAQ
Release Notes
Contents  

Role-Based Access Control Overview

Contrail Service Orchestration supports the authentication and authorization of users. Both service provider and tenant users access the pages within the unified Administration and Customer Portal based on their role and access permissions.

In addition to predefined roles, CSO enables you to add object-based custom roles. You can create custom roles and assign access privileges (read, create, update, delete, and other actions) to each role.

Table 117 shows predefined service provider, tenant, and OpCo roles and their access privileges.

Table 117: Roles and Access Privileges

Role

Role Scope

Access Privileges

SP Admin

Service Provider

Users with the SP Admin role have full access to the Administration Portal UI or API capabilities. They can use the UI or APIs to add one or more users with SP Admin, SP Operator, and custom roles. They can onboard tenants, and add the first tenant user during the tenant onboarding process. They can also add tenant administrators or operators by switching the scope to a specific tenant.

Note: When the SP administrator creates one or more operating companies under the service provider, the service provider is called a global service provider and the SP administrator is called the global SP administrator.

SP Operator

Service Provider

Users with the SP Operator role have read-only access to the Administration Portal UI and APIs.

Tenant Admin

Tenant

Users with the Tenant Admin role have full access to the Customer Portal UI and APIs. They can add one or more users with the Tenant Administrator or Tenant Operator roles.

Tenant Operator

Tenant

Users with the Tenant Operator role have read-only access to the Customer Portal UI and APIs.

OpCo Admin

Operating Company

Users with the OpCo Admin role have full access to the OpCo’s Administration Portal UI or API capabilities. They can use the UI or APIs to add one or more users with OpCo Admin, OpCo Operator, and custom roles. They can onboard tenants, and add the first tenant user during the OpCo’s tenant onboarding process. They can also add tenant administrators or operators by switching the scope to a specific tenant.

OpCo Operator

Operating Company

Users with the OpCo Operator role have read-only access to the OpCo’s Customer Portal UI and APIs.

Configure Site

Tenant

Only users with SP Admin role can configure a site by switching the scope to a specific tenant. By default, a tenant administrator cannot configure a site.

Related Documentation

Help us to improve. Rate this article.
Feedback Received. Thank You!

Ask questions in TechWiki

Check documentation in TechLibrary

Rating by you:      
X

Additional Comments

800 characters remaining

May we contact you if necessary?

Name:
Email:

Need product assistance? Contact Juniper Support

Submit