It’s not new, but when people start using Varnish Administration Console (VAC), we often get questions about user access roles in the VAC. We covered this in our blog when we originally set up three distinct access roles - but it never hurts to offer up a refresher.
So you’re using VAC and you want to…
This is the question that arises frequently with new customers and also with prospects who wonder how access roles will or can be delineated. Who can undertake these actions? What are the limitations and entitlements of each of these roles? We set it up in the most basic way with three roles (there are no plans at the moment to change this) that can easily be assigned within the system: Admin, User and Read-Only.
Admin: Keys to the kingdom
The user with Admin rights in VAC can do just about everything across all groups within the VAC. The Admin is the one who is responsible for assigning users to groups and to one of these access roles. What can the Admin do in VAC?
- Create/edit/deploy/remove/delete VCL and parameters
- Can issue bans
- Can remove caches and add them to groups
- Can create groups
- Can create users, assign and change roles, and assign users to groups
User: A limited admin
The User role gets basically the same rights and responsibilities as the admin, but the User’s access applies only to the one or more groups to which s/he is assigned.
If the User is not assigned to a certain group, s/he can't see that group’s definitions.
Read-only: Peeking in from the outside
Read-only users can't execute any operation within the VAC. Pretty much, s/he can see the list of caches, and check the monitoring. But that’s it: Just a peek inside.
We work with VAC every day, so it’s easy for us to overlook some of the things that would be useful information to new users. Don’t hesitate to reach out and ask your questions about using the VAC.
Also important: the VAC API documentation has been upgraded and improved - it's a great technical resource to start from in getting your VAC-related questions answered.
Meanwhile take a peek at an on-demand webinar on Varnish Administration Console to see if your questions are answered there.