This documentation and the Cisco Observability Platform functionalities it describes are subject to change. Data saved on the platform may disappear and APIs may change without notice.

Access Management Default Roles

Agent Role

The role iam:agent does not acquire permissions to access APIs or Knowledge Store resources. To make an API or Knowledge Store type available to an agent, you must map the permission to iam:agent role.

[
  {
    "name": "agent",
    "displayName": "Agent",
    "description": "Auto applied to Agent principals"
  }
]

Config Manager

[
  {
    "name": "configManager",
    "displayName": "Config Manager",
    "description": "Has permissions to alter configurations of a tenant"
  }
]

Observer

[
  {
    "name": "observer",
    "displayName": "Observer ",
    "description": "Has permissions to read configurations of a tenant"
  }
]

Tenant Administrator

The role iam:tenantAdmin can access an API or type if a permission has been defined. Thus, you do not need to map the permissions to this role.

[
  {
    "name": "tenantAdmin",
    "displayName": "Tenant Admin",
    "description": "Can Access All APIs and Objects for a tenant"
  }
]

Troubleshooter

[
  {
    "name": "troubleshooter",
    "displayName": "Troubleshooter",
    "description": "Has access to alerting configs"
  }
]