Creating a User Role

In a bastion host, default roles include DepartmentManager, PolicyManager, AuditManager, and User. This topic walks you through how to create a custom role.

Constraints

Only system administrator admin can create a system role.
To obtain permissions for the user group and account group modules, configure the User and Account modules.

Creating a Role

Log in to your bastion host.
In the navigation pane on the left, choose User > Role to go to the role list page.

On the displayed page, click New in the upper right corner of the page. In the displayed New Role dialog box, complete required parameters

**Table 1** Parameters for creating a role
Parameter	Description
Role	Specifies the role name. The value of Role must be unique in a bastion host and cannot be changed after it is created.
Managing Permission	Specifies whether to enable permission management for the role. Users assigned with management permissions can select a superior department when they create a resource or user. NOTE: Only users with management permissions can grant ticket approval permission to a role. Otherwise, the approval permission will not take effect, even if it is enabled in 4. Enable: The role has the management permissions and users with this role granted can view the data of their departments and lower-level departments. Disable: The role has no management permissions.
Remarks	(Optional) Provides supplementary information about the role.

Click Next. In the displayed dialog box, configure system module permissions for the role.

Enable or disable the permission for each system module on the left. If the permission is enabled, you can select specific functions on the right of the corresponding system module. After the configuration, the role will have the permissions of the selected functions.
Click OK. You can then view the created role in the role list.