The content on this page has been updated to reflect the behavior seen in the open beta version of strongDM's Admin UI.
In order to add permissions to a Role, you use Access Rules. Access Rules provide two methods by which to assign access permissions to a Role. Static Access Rules are manually assigned permissions. Dynamic Access Rules provide permissions for resources based on tags and resource types chosen.
Access Rules Editor
Access Rules are the building blocks of Roles. You can add, edit, or delete Access Rules within a Role. Navigate to the Access > Roles page, then look at a Role (or create a new one). To edit an existing Access Rule, click edit. To delete an Access Rule, click edit and once the Edit view is open, click Delete Access Rule.
Each Role can comprise up to 10 Access Rules.
The Access Rule editor can create both Static Access Rules and Dynamic Access Rules.
Static Access Rules
Static Access Rules are the method by which you can assign access to specific resource(s) to a Role, one at a time from a list of checkboxes.
Dynamic Access Rules
Dynamic Access Rules provide the tool set to dynamically assign resource access to members of the Role. Each Dynamic Access Rule is made up of two properties:
Resource type. You can choose a specific type of resource, such as a MySQL DBs or EKS Clusters, or you can choose All resource types.
Resource tags. Tags are key-value pairs assigned to resources.
A Dynamic Access Rule will grant access to all resources that meet all of the criteria specified in its properties. For example, specifying one database type and two tags will grant access only to resources that are of that database type and have both of those tags.
The Access Rule editor will let you know if there are no resources that currently match your criteria. If there are matching resources, it will indicate how many.