Document toolboxDocument toolbox

Configuring Roles for deployment users

Applies to: Kyvos Enterprise  Kyvos Cloud (SaaS on AWS) Kyvos AWS Marketplace

Kyvos Azure Marketplace   Kyvos GCP Marketplace Kyvos Single Node Installation (Kyvos SNI)


Note

This is not required if the Virtual Private Cloud (VPC) is newly created from the Kyvos-provided template.

Download the AzureCustomRole_DeploymentUser.json file from the Azure Installation files folder and keep it handy.

Creating a custom role

  1. Log in to the Azure portal.

  2. Navigate to Virtual Network and click Properties on the navigation bar. Copy the Resource ID and paste it onto a notepad. You will need this for creating the custom role.

  3. Navigate to the Network Security group and click Properties on the navigation bar. Copy the Resource ID and paste it onto a notepad. You will need this for creating the custom role.

  4. Navigate to Resource Group and click Access Control (IAM) on the navigation bar.

  5. Click Add > Add custom role as shown below.

  6. Click the JSON tab, and then click Edit.

  7. Delete the existing JSON text.

  8. Copy the text from the AzureCustomRole_DeploymentUser.json file and paste it into the JSON textbox.

  9. Replace the <Virtual Network Resource ID> and <Security Group Resource ID> with the respective Resource IDs that you copied earlier (in steps 2-3).

  10. Click Save. The JSON automatically assigns the required permissions.

  11. Now go to the Basics tab, and provide a unique name for your role.

  12. Click on Review + Create. Then click Create.

Attach Role to User

Once you have created a custom role on Azure, you need to attach the role to the deployment user. For this, perform the following steps.

  1. Go to the Network Security group and click Access Control (IAM).

  2. Click Add > Add role assignment.

  3. On the Role Assignment pane, enter details as:

    1. Role: Search and select the custom role that you created (in the previous steps). 

    2. Assign Access To: Select the User, group, or service principal option. 

    3. Select: Select the User to which you want to add this role. 

  4. Click Review+Assign.

  5. Navigate to Virtual Network, click Access Control (IAM) and then add the same Role and assign to the same USER that you used for the Network Security Group and click Save.

Copyright Kyvos, Inc. All rights reserved.