You are browsing documentation for an older version. See the latest documentation here.
Add a Role and Permissions
Roles make it easy to logically group and apply the same set of Permissions to Admins. Permissions may be customized in detail, down to individual actions and endpoints.
Kong Gateway includes default Roles for standard
use cases, e.g. inviting additional Super Admins,
inviting Admins that may only read
endpoints.
This guide describes how to create a custom Role in Kong
Manager for a unique use case. As an alternative, if a
Super Admin wants to create a Role with the Admin API,
it is possible to do so using
/rbac/roles
.
To add Permissions to the new Role, use
/rbac/roles/{name_or_id}/endpoints
for endpoints or
/rbac/roles/{name_or_id}/entities
for specific entities.
Prerequisites
enforce_rbac = on
- Kong Gateway has started
- Logged in to Kong Manager as a Super Admin
Add a role and permissions
-
On the Admins page, to create a new Role, click the Add Role button at the top right of the list of Roles.
-
On the Add Role form, name the Role according to the Permissions you want to grant.
Note: It may be helpful for future reference to include a brief comment describing the reason for the Permissions or a summary of the Role.
-
Click the Add Permissions button and fill out the form. Add the endpoint Permissions by marking the appropriate checkbox.
-
Click Add Permission to Role to see the permissions listed on the form.
-
To forbid access to certain endpoints, click Add Permission again and use the negative checkbox.
-
Submit the form and see the new Role appear on the Admins page.