Users & Roles
Manage internal staff access with local RBAC mappings. Keycloak OIDC/SAML is the source of identity; this MVP keeps role assignment and permissions in mock mode.
admin
1 user
Full platform administration, including roles and dangerous operations.
1 permission
operator
1 user
Manage server inventory and create mock diagnostic or reinstall tasks.
4 permissions
viewer
1 user
Read-only access to inventory, task statuses, and server details.
2 permissions
auditor
1 user
Read-only access focused on audit logs and compliance review.
2 permissions
Users
Local user profiles mapped to Keycloak identities and internal roles.
| User | Status | Roles | Keycloak Subject | Last Login | Actions |
|---|---|---|---|---|---|
| Admin User admin@example.local | active | admin | kc-admin-user | 2026-05-05 20:12 UTC | |
| NOC Operator operator@example.local | active | operator | kc-noc-operator | 2026-05-05 18:44 UTC | |
| Audit Viewer audit@example.local | invited | auditor | Not linked yet | Never | |
| Read Only viewer@example.local | active | viewer | kc-read-only | 2026-05-04 11:03 UTC | |
Permission Matrix
RBAC defaults for MVP. OPA policies can later add location-aware and approval-based rules.
| Area | Action | Permission |
|---|---|---|
| Inventory | View data centers, locations, racks, servers | inventory:read |
| Inventory | Create and edit inventory entities | inventory:write |
| Inventory | Delete inventory entities | inventory:delete |
| Server Operations | Create mock diagnostic and reinstall tasks | tasks:create |
| Server Operations | Run mock power actions with confirmation | power:mock |
| Server Operations | Create mock OS reinstall tasks | os-reinstall:mock |
| Security | View users and roles | users:read |
| Security | Assign roles and change user status | users:write |
| Security | View full audit log | audit:read |
Dangerous access changes are mocked
Role changes, suspensions, and Keycloak sync actions currently create UI-only mock events. Real identity updates will be added after Keycloak integration is wired.