Roles

Last modified on November 29, 2023

Roles in StrongDM are the method of providing users access to resources. A role is a collection of permissions that are granted to the users that are assigned to that role.

To assign users to roles in the Admin UI, go to the user, open the Roles tab, search your roles list, and add the roles. In the CLI, use the sdm admin users command. A user can be assigned a maximum of 20 roles.

In order to add permissions to a role, use access rules. Access rules provide two methods by which to assign access permissions to a role. Static access rules are manually assigned permissions. Dynamic access rules provide permissions for resources based on tags and resource types chosen.

Suspended

Users in the Suspended role cannot log in or access any datasources or servers.

Access Rules

In order to add permissions to a role, you use access rules. Access rules provide two methods by which to assign access permissions to a role. Static access rules are manually assigned permissions. Dynamic access rules provide permissions for resources based on tags and resource types chosen.

Access rule editor

Access rules are the building blocks of roles. You can add, edit, or delete access rules within a role. Navigate to the Access > Roles page, and then open a role (or create a new one). To edit an existing access rule, click edit. To delete an access rule, click edit and, once the Edit view is open, click Delete Access Rule.

Each role can comprise up to 10 access rules.

The access rule editor can create both static access rules and dynamic access rules.

Static access rules

Static access rules give a role access to specific resources, which you select one at a time from a list of checkboxes. You can select up to 2000 resources per rule.

Dynamic access rules

Dynamic access rules provide the tool set to dynamically assign resource access to members of the role. Each dynamic access rule is made up of two properties:

  • Resource type: You can choose a specific type of resource, such as MySQL databases or EKS clusters, or you can choose All resource types.
  • Resource tags: Tags are key-value pairs assigned to resources. An access rule may include up to 20 tags.

The access rule editor indicates if there are no resources that currently match your criteria. If there are matching resources, it indicates how many.
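
The rule limits and the editor's match count described above can be checked offline when reviewing a role for least privilege. The following Python is an added example, not StrongDM code or its API: the `Resource` and `Rule` model, the `*` marker for All resource types, and the sample inventory are constructed, and the matching semantics (a resource must carry every tag in a rule, and a role grants the union of its rules) are assumptions.

```python
from dataclasses import dataclass, field
MAX_RULES_PER_ROLE = 10  # this and the next two limits are stated on this page
MAX_RESOURCES_PER_STATIC_RULE = 2000
MAX_TAGS_PER_DYNAMIC_RULE = 20
ALL_TYPES = "*"  # hypothetical stand-in for "All resource types"

@dataclass
class Resource:
    name: str
    type: str
    tags: dict = field(default_factory=dict)

@dataclass
class Rule:  # hypothetical model: static when `names` is set, else dynamic
    names: tuple = ()
    resource_type: str = ALL_TYPES
    tags: dict = field(default_factory=dict)

def matches(rule, res):
    # Assumption: static rules match by name; dynamic rules match a resource
    # of the chosen type that carries every tag in the rule.
    if rule.names:
        return res.name in rule.names
    type_ok = rule.resource_type in (ALL_TYPES, res.type)
    return type_ok and all(res.tags.get(k) == v for k, v in rule.tags.items())

def review_role(rules, inventory):
    # Assumption: a role grants the union of what its rules match.
    granted, findings = set(), []
    if len(rules) > MAX_RULES_PER_ROLE:
        findings.append(f"role: {len(rules)} rules exceeds {MAX_RULES_PER_ROLE}")
    for i, rule in enumerate(rules):
        if len(rule.names) > MAX_RESOURCES_PER_STATIC_RULE:
            findings.append(f"rule {i}: over {MAX_RESOURCES_PER_STATIC_RULE} resources")
        if len(rule.tags) > MAX_TAGS_PER_DYNAMIC_RULE:
            findings.append(f"rule {i}: over {MAX_TAGS_PER_DYNAMIC_RULE} tags")
        hits = {r.name for r in inventory if matches(rule, r)}
        if not hits:
            findings.append(f"rule {i}: matches no resources")
        granted |= hits
    return granted, findings

INVENTORY = [  # constructed sample resources
    Resource("orders-db", "mysql", {"env": "prod", "team": "payments"}),
    Resource("orders-db-dev", "mysql", {"env": "dev", "team": "payments"}),
    Resource("pay-eks", "eks", {"env": "prod", "team": "payments"})]
ROLE = [Rule(names=("orders-db-dev",)),  # constructed sample role
        Rule(resource_type="mysql", tags={"env": "prod", "team": "payments"}),
        Rule(resource_type="eks", tags={"env": "staging"})]
```

Calling `review_role(ROLE, INVENTORY)` returns the resources the role would reach and a list of findings, such as a rule that currently matches nothing. A dynamic rule with All resource types and no tags matches the whole inventory under these assumptions, which makes it the first thing to look for in a review.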
