Role-Based Access Control Overview
Contrail Service Orchestration supports the authentication and authorization of users. Both MSP and tenant users access the pages within the unified Administration and Customer Portal based on their role and access permissions.
Table 1 shows MSP and Tenant roles and their access privileges.
Table 1: Roles and Access Privileges
Role | Access Privileges |
|---|---|
MSP Administrator | Users with the MSP Administrator role have full access to the Administration Portal UI or API capabilities. They can use the UI or APIs to add one or more users with MSP Administrator or MSP Operator roles, onboard tenants, and add the first tenant administrator during the onboarding process. They can also add tenant administrators or operators by switching the scope to a specific tenant. |
MSP Operator | Users with the MSP Operator role have read-only access to the Administration Portal UI and APIs. |
Tenant Administrator | Users with the Tenant Administrator role have full access to the Customer Portal UI and APIs. They can add one or more users with the Tenant Administrator or Tenant Operator roles. |
Tenant Operator | Users with the Tenant Operator role have read-only access to the Customer Portal UI and APIs. |
