ELIAS role concept
Regardless of whether users are authenticated via Active Directory or via Keycloak, they obtain their access rights by being assigned to one of the ELIAS roles Info, User or Admin. The rights of the three roles build on each other.
- Info: View the content of images, no changes possible
- User: Create and edit templates and images within a container
- Admin: Manage container, delete software packages, import / edit certificates within a container
On top of this is the Global admin, who manages access rights, can manage multiple containers and change ELIAS settings. The Global admin is defined by an ELIAS access right with global access. Initially - directly after the installation - the local admin account is provided for this purpose. With the local admin account, you initially define the ELIAS access rights. An ELIAS access right contains the following:
- Relevant users (AD or Keycloak)
- ELIAS role with rights
- Container to which the ELIAS role rights refer
- Option for global access
You can see that the user and access management depends on the ELIAS access right. After you have defined an ELIAS access right with global access (Global admin), you are free to disable the local admin account.
List of ELIAS role rights
Feature | Action | Admin | User | Info |
---|---|---|---|---|
Templates and images | create, save (as), edit, rename, solve, delete, sign, lock, export | ✓ | ✓ | X |
Container | export | ✓ | ✓ | X |
Container | create, import, rename, clean up, delete | ✓ | X | X |
Container information | view | ✓ | ✓ | X |
Software packages | delete | ✓ | X | X |
Change log | view, export | ✓ | ✓ | X |
Notification history | view | ✓ | ✓ | X |
Certificates | view | ✓ | ✓ | X |
Certificates for package validation | import | ✓ | X | X |
Certificates for image signing | edit | ✓ | X | X |