Accounts can be assigned "Management Roles" that allow and restrict which operations an account can action.

An account can be assigned a maximum of 16 management roles.

Each Role can enable or disable none or up to all actions specific to the nexfs management service.

Management roles are configured through the Nexfs management console. First, select "Identity & Access" from the left side menu and then "Management Roles"

Existing management roles will be listed.

A role can be deleted using the "Delete Role" button found under each role, or a role's details can be modified and then saved using the "Save Role" button, again located under each role. Note: The Role ID cannot be modified through the managment console.

The Role Version will automatically be updated as long as it is in the standard dd/mm/yyyy.x format; alternatively, the version can be updated manually.

To create a new role, click on the "Add Role" button displayed under the list of roles.

• A role requires a description / name.

• Optionally roles may be given allowed and denied policy identifiers.

  
  

• To select or deselect a action, click on the action, zero or more can be selected. The wildcard "*.*" represents all actions.

• Roles can also be enabled or disabled.

Note: if an action is explicitly denied, it cannot be used even if it is also explicitly allowed in this or any other policy assigned to an account.