The following list describes what you can and cannot do through roles:
- You can assign privileges to a role.
- You can create custom roles and assign privileges to those roles.
- You can copy an existing role.
- You can add any user or group of users, including well-known groups, to a role as long as the users can authenticate to the cluster.
- You can add a user or group to more than one role.
- You cannot assign privileges directly to users or groups.
When OneFS is first installed, only users with root- or admin-level access can log in and assign users to roles.