ELIAS role concept

Regardless of whether users are authenticated via Active Directory or via Keycloak, they obtain their access rights by by being assigned to one of the ELIAS roles Info, User or Admin. The rights of the three roles build on each other.

Info: View the content of images, no changes possible

User: Create and edit templates and images within a container

Admin: Manage container, delete software packages, import / edit certificates within a container

On top of this is the Global admin, who manages access rights, can manage multiple containers and change ELIAS settings. The Global admin is defined by an ELIAS access right with global access. Initially - directly after the installation - the local admin account is provided for this purpose. With the local admin account, you initially define the ELIAS access rights. An ELIAS access right contains the following:

You can see that the user and access management depends on the ELIAS access right. After you have defined an ELIAS access right with global access (Global admin), you are free to disable the local admin account.

List of ELIAS role rights

Feature   Admin User Info
Templates and images create
save (as)
edit
rename
solve
delete
sign
lock
export
X
Container export X
  create
import
rename
clean up
delete
X X
Container information view X
Software packages delete X X
Change log view
export
X
Notification history view X
Certificates view X
Certificates for package validation import X X
Certificates for image signing edit X X