Using RBAC with MyRackspace

Previous section: Use Role-Based Access Control (RBAC)

The account owner implements Role Based Access Control (RBAC) by adding users to the account and assigning roles. This article is intended to guide account owners through this process by using the Rackspace Dedicated.

For information about setting up RBAC through the API, see the Rackspace Identity API Guide.

Note: It is possible to assign a mix of multiple-product roles and per-product roles to one user through the API. The most permissive role determines the user's level of access.

Account Credentials

Rackspace recommends that you change the account password before adding new users to the account.

When new users are created, a temporary password is assigned to them. They should change the temporary password at their first login.

Also, new users receive an email from Rackspace notifying them that they have been added to the account. They receive information on how to sign up for an account in the email.

Create New Users

To create a new user, follow below steps:

Step 1. Log in to the Rackspace Dedicated Account.

Enter login credentials for dedicated account

Step 2. In the upper-right corner of the control panel, click Account > User Management.

Select User Management from the upper right corner

Step 3. On the Account/User List page, click Create New User.

Select create new user

Step 4. Enter information in the Create a User section.

Update the information for new user

Step 5. Click Create User button.

Once updated the information then click Create User button

Step 6. To Manage permissions in the Rackspace Dedicated Account portal select Account>Permissions.

Manage permissions select permissions under account

Note: To access the Permissions area in the MyRackspace Portal and modify another user’s permissions, you must have either Account Administrator permission or Admin permission. Account Administrator permission grants the user unlimited access to all sections of the MyRackspace Portal. Admin permission (on a device or service) grants the user the ability to access and manage the device or service.

Permission Types

There are two types of permissions available for Rackspace Dedicated Hosting accounts:

  • Direct permissions: These grant the user direct access to account permissions, linked cloud accounts, devices, or services.

  • Effective permissions: Users inherit effective permissions because of their memberships in user and product groups.

Effective permissions are inherited

You can use the four tabs as shown in below image to assign permissions in the following ways:

Assign different types of permission using four tabs
  • Assign by user
  • Assign by product
  • Manage groups
  • Global permissions

Assign By User

Using this method, you can choose a person and give them account-level Direct or Effective Permissions. By choosing the tabs on the Assign By User page, you can also restrict a user's access to any connected cloud accounts, devices, services, product groups, and group membership.

Assign by Users

To asign permissions by user, select a user and select from one of the tabs to update the user permissions as shown in below image.

Assign permission by user

Assign by User Groups
This method enables you to select a group of users and grant them:

  • Permissions at the account level
  • Access to linked cloud accounts, devices, services, or product groups
Assign permission by group

Assign By Products

This method enables you to manage user access to an individual product or product group.

To assign permissions by product or product group, perform the following steps:

Step 1. Select Assign By Product.

Select assign by product

Step 2. Make a selection from the Product or Product Group column, then below screen appears.

Select from product or product group

Step 3. Update the user, user group, or Group membership permission.

Step 4. Select Save Changes.

Manage Group

The Manage Groups tab enables you to create new User and Product groups and update members.

Create User Groups

Step 1. Select Manage Groups from top navigation bar.

Select manage group from top navigation

Step 2. At the top of the User Groups column, enter a name for the new group and select the green plus sign as shown in below image.

Enter name of the new group

Step 3. Select the Group Members to add and select Save Changes.

Create Product Group

Step 1. Select Manage Groups

Step 2. At the top of the User Product column, enter a name for the new group and select the green plus sign as shown in below image.

Enter name of the product group and click green plus symbol

Step 3. Select the Product to add and select Save Changes.

Grant Access to a User Group or Product Group

Use the following steps to grant access to a user group or product group:

Step 1. Select Manage Groups.

Step 2. Select an existing group from the User Groups or Product Groups column.

Select an existing group

Step 3. Select the member to add.

Select the member

Step 4. Select Save Changes.

Delete a User or Product Group
Use the following steps to delete a user or product group:

Step 1. Select Manage Groups from top navigation bar.

Step 2. Select an existing group from the User Groups or Product Groups column.

Select an existing user groups

Step 3. Select the Actions drop-down in the upper-right corner as shown in above image.

Step 4. Select Delete Group.

Global Permissions

The Global Permissions section lets you to make changes across your entire account.

Ticketing Settings enable you to control the tickets that your users have permission to see when those tickets include one or more devices.

The following table shows the ticketing settings that you need for common actions or views:

Ticket SettingFunctionality
Flexible Ticket Viewing (default setting)Enables users to see tickets that include a device that they have permission to view. For example, if a user has access to device A, they see all of the tickets that include device A, even if the ticket has other devices. If device C is later added to the ticket, the user can still see the ticket, even if the user does not have access to device C.
Strict Ticket ViewingRequires users to have access to all the devices on a ticket to see that ticket. For example, if a ticket includes device A and device B, the user must have permissions to both devices to see the ticket. If a ticket the user could see later includes device C, to which the user has no access, the user can no longer see the ticket.