You are browsing unreleased documentation. See the latest documentation here.
Add a Role and Permissions
Roles make it easy to logically group and apply the same set of permissions to admins. Permissions may be customized in detail, down to individual actions and endpoints.
Kong Gateway includes default roles for standard
use cases, e.g. inviting additional super admins,
inviting admins that may only read
endpoints.
This guide describes how to create a custom role in Kong
Manager for a unique use case. As an alternative, if a
super admin wants to create a role with the Admin API,
it is possible to do so using
/rbac/roles
.
To add permissions to the new role, use
/rbac/roles/{name_or_id}/endpoints
for endpoints or
/rbac/roles/{name_or_id}/entities
for specific entities.
Prerequisites
- Authentication and RBAC are enabled
- You have super admin permissions
or a user that has
/admins
and/rbac
read and write access
Add a role and permissions
-
From the Admins page, click the Add Role button.
-
On the Add Role form, name the Role according to the Permissions you want to grant.
It may be helpful for future reference to include a brief comment describing the reason for the permissions or a summary of the role.
-
Click the Add Permissions button and fill out the form. Add the endpoint permissions by marking the appropriate checkbox.
-
Click Add Permission to Role to see the permissions listed on the form.
-
To forbid access to certain endpoints, click Add Permission again and use the negative checkbox.
-
Submit the form to see the new roles appear on the admins page.