This page lists the IAM permissions associated with Compute Ops Management, along with which built-in roles contain the permission and whether or not the permission is affected by granular scoping. To read more about granular scoping see Compute Ops Management Scope Based Access Control (SBAC) - IAM.
There are three built-in roles for Compute Ops Management: Observer, operator, and administrator. Each role has a pre-defined set of permissions.
| Permission | Observer | Operator | Administrator | Supports granular scoping |
|---|---|---|---|---|
| Compute appliance delete | X | |||
| Compute appliance read | X | X | X | |
| Compute appliance edit | X | X | ||
| Compute appliance create | X | |||
| Compute appliance use | X | X | ||
| Compute approval policy create | X | |||
| Compute approval policy read | X | X | X | |
| Compute approval policy edit | X | |||
| Compute approval policy delete | X | |||
| Compute approval request read | X | X | X | |
| Compute approval request approve | X | X | ||
| Compute async operation read | X | X | X | |
| Compute authorization edit | X | |||
| Compute filter edit | X | X | ||
| Compute filter read | X | X | X | |
| Compute filter create | X | |||
| Compute filter delete | X | |||
| Compute group read | X | X | X | |
| Compute group use | X | X | ||
| Compute group delete | X | |||
| Compute group create | X | |||
| Compute group edit | X | |||
| Compute schedule create | X | |||
| Compute schedule read | X | X | X | |
| Compute schedule edit | X | X | ||
| Compute schedule delete | X | |||
| Compute server read | X | X | X | |
| Compute server edit | X | X | X | |
| Compute setting read | X | X | X | |
| Compute setting use | X | X | ||
| Compute setting delete | X | |||
| Compute setting create | X | |||
| Compute setting edit | X | |||
| Compute webhook read | X | X | X | |
| Compute webhook create | X | |||
| Compute webhook edit | X | |||
| Compute webhook delete | X |
If one of the built-in roles does not provide the set of permissions needed, a custom role can be created and assigned any set of permissions.
To create a custom role, or view the permissions associated with built-in roles, use the HPE GreenLake Roles & permissions page. Read more about this process in the HPE GreenLake user role documentation.
To assign a role, use the HPE GreenLake Workspace identity & access page. Read more about this process in the HPE GreenLake assign roles documentation.