Varnish Controller Roles are a pre-defined set of permissions (see permissions) that can be assigned to multiple accounts. Each account can have one role assigned per organization.
Roles created by a system administrator are accessible across all organizations, while roles created by an organizational user are specific to their own organization. This allows roles to be reused across organizations while still allowing organization-specific roles to be defined.
Any updates to a permission within the role will be reflected immediately for the assigned accounts.
To link a role to an IDP account, you must configure the IDP settings connected to the organization (see IDP). The new role will be reflected upon login.
If you’re using Microsoft Entra, additional documentation is available here.
Roles can be created using any interface: the UI, CLI, or API.
When creating a role, previously created roles can be used as templates to make filling in the permissions easier.
Roles can be managed from the Assigned tab on a role, or from the Permissions tab on a single account page.
# Create a role
vcli role add custom_role --description "custom role" --perms agent:r- --perms vclgroup:-w --perms router:rw
# Create a role based on a template but override on the account write
vcli role add editor_without_account_write --description "orgAdmin" --template=organizationAdmin --perms account:r-
# Assign an account to an organization with role
vcli org assign 1 -a 2 -r 1
# Create an account as an organization user with role
vcli account add user --password secret -r 1
Any changes to a role will be applied to all assigned accounts.
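Because role changes take effect immediately for every assigned account, it helps to review which resources a planned role grants write access to before running `vcli role add`. The shell functions below are an added example, not part of Varnish Controller or its documentation; the names `parse_perms` and `write_grants` are hypothetical, the code never calls `vcli`, and it assumes each `--perms` value is a resource name followed by `:` and a two-character mask (`r` or `-`, then `w` or `-`), as in the commands above.

```shell
#!/bin/sh
# Added example: lint the --perms arguments of a planned `vcli role add`.
# Assumption: every spec looks like <resource>:<r|-><w|->, matching the
# examples on this page. Pass the same arguments you would give to vcli.

# Print one line per --perms spec: "<resource> read=<yes|no> write=<yes|no>".
# Returns 1 if any spec does not match the assumed format.
parse_perms() {
    status=0
    while [ "$#" -gt 0 ]; do
        case "$1" in
            --perms)
                [ "$#" -ge 2 ] || { echo "missing value for --perms" >&2; return 1; }
                spec=$2; shift 2 ;;
            --perms=*)
                spec=${1#--perms=}; shift ;;
            *)
                # Role name, --description, --template and their values.
                shift; continue ;;
        esac
        case "$spec" in
            ?*:rw) r=yes; w=yes ;;
            ?*:r-) r=yes; w=no ;;
            ?*:-w) r=no;  w=yes ;;
            ?*:--) r=no;  w=no ;;
            *) echo "malformed permission spec: $spec" >&2; status=1; continue ;;
        esac
        echo "${spec%:*} read=$r write=$w"
    done
    return $status
}

# Resources that would receive write access, space-separated on one line.
# Empty output means none of the explicit --perms values grant write.
write_grants() {
    parse_perms "$@" | awk '
        $3 == "write=yes" { printf "%s%s", sep, $1; sep = " " }
        END { if (sep) print "" }'
}

# Example, using the first command from this page:
#   write_grants custom_role --description "custom role" \
#       --perms agent:r- --perms vclgroup:-w --perms router:rw
```

For a role created with `--template`, only the explicit overrides are checked; the permissions inherited from the template are not visible to this check and need to be reviewed on the template role itself.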