Roles

This page describes Roles in Lenses.

Lenses IAM is role-based. Roles contain one or more policies. Each policy defines actions a user is allowed to perform on resources.

Roles are then assigned to groups.

Role Policies

Policies are resource-based. They are YAML documents attached to a role.

Each policy has:

Action
Resource
Effect

The resource is the name of the resource. This is defined by the creator of the resource.

Action

The action describes the action or verb that a user can perform. The format of the action is

service:operation

For example, to list topics in Kafka:

policy:
  - action:
      - kafka:ListTopics

For a full list of the actions see Permission Reference.

To allow all actions set '*'

Resource

Resources scope a policy to specific entities. For example, to only allow topics that start with red, use the resource field.

For a full list of the actions see Permission Reference.

To allow all actions set '*'

Effect

Effect is either allow the action on the resource or deny. If allow is not set the action will be denied and if any policy for a resource has a deny effect it takes precedence.

Create a Role

To create a role, go to IAM → Roles → New Role.

You can also manage roles via the CLI and YAML, for CI/CD automation.

terminal

➜  lenses roles
Manage Roles.

Usage:
  lenses roles [command]

Available Commands:
  create      Creates a new role.
  delete      Deletes a role.
  get         Returns a specific role.
  list        Returns all roles.
  metadata    Manages role metadata.
  update      Updates a role.

PreviousGroups NextService Accounts

Last updated 1 day ago

Was this helpful?

Good evening

hashtagRole Policies

hashtagAction

hashtagResource

hashtagEffect

hashtagCreate a Role

Role Policies

Action

Resource

Effect

Create a Role