Granting and revoking organization roles

This article explains how to grant and revoke roles to organizations as a Cloud Identity Plane administrator.

About permissions and roles in CIP

Permissions and roles provide access control in systems where CIP is used to provide identity management. Additionally, roles allow you to set up fine-grained access control by applying a specific object constraint (for example, permission can be limited to a specific device, user or organization).

Roles can be assigned to organizations as explained in this article.

Prerequisites

  • Administrator account in CIP

Grant a role to an organization


  1. Select Organizations from the sidebar.

    Result

    The ORGANIZATIONS view opens and shows the list of your organizations.

  2. In the ORGANIZATIONS view, select a user from the organizations list.

  3. In the ORGANIZATION DETAILS view, select the meatballs menu () > Grant role.

    Result

    The GRANT ROLE pop-up window opens.

  4. In the GRANT ROLE pop-up window, select a role from the drop-down list.

  5. Select Grant role to confirm your choice.

    Result

    The role is granted to the organization as indicated by the system message.

Revoke a role from an organization

The procedure for revoking a role from an organization is essentially the same as for granting one - you only need to select a different menu option.

  1. Select Organizations from the sidebar.

    Result

    The ORGANIZATIONS view opens and shows the list of your organizations.

  2. In the ORGANIZATIONS view, select a user from the organizations list.

  3. In the ORGANIZATION DETAILS view, select the meatballs menu () > Revoke role.

    Result

    The REVOKE ROLE pop-up window opens.

  4. In the REVOKE ROLE pop-up window, select a role from the drop-down list.

  5. Select Revoke role to confirm your choice.

    Result

    The role is revoked from the organization as indicated by the system message.

If you want to learn how to create roles and permissions, read Managing roles and permissions.