You are browsing documentation for an outdated version. See the latest documentation here.

Add a Role and Permissions

Roles make it easy to logically group and apply the same set of permissions to admins. Permissions may be customized in detail, down to individual actions and endpoints.

Kong Gateway includes default roles for standard use cases, e.g. inviting additional super admins, inviting admins that may only read endpoints.

This guide describes how to create a custom role in Kong Manager for a unique use case. As an alternative, if a super admin wants to create a role with the Admin API, it is possible to do so using /rbac/roles. To add permissions to the new role, use /rbac/roles/{name_or_id}/endpoints for endpoints or /rbac/roles/{name_or_id}/entities for specific entities.

Prerequisites

• Authentication and RBAC are enabled
• You have super admin permissions or a user that has /admins and /rbac read and write access

Add a role and permissions

1. From the Admins page, click the Add Role button.

2. On the Add Role form, name the Role according to the Permissions you want to grant.

   It may be helpful for future reference to include a brief comment describing the reason for the permissions or a summary of the role.

3. Click the Add Permissions button and fill out the form. Add the endpoint permissions by marking the appropriate checkbox.

4. Click Add Permission to Role to see the permissions listed on the form.

5. To forbid access to certain endpoints, click Add Permission again and use the negative checkbox.

6. Submit the form to see the new roles appear on the admins page.