Roles are associated with privileges. Privileges can be managed in Users view on the Privileges pane of the Roles screen. See Privileges for a complete list.
A user whose role has permission to Manage privileges can modify a role's privileges. You cannot modify the privileges of your own role. You cannot modify the privileges of the default Cloud Admin user's role (CLOUD_ADMIN) because this role is locked. The privileges of a locked role are grayed out, as shown in the following screenshot.
For your roles, you can only manage the privileges that are also assigned to your own role. If you do not have a privilege, you cannot assign or modify that privilege for another role.
The privileges are organized into logical groups with a separate panel for each group.
To modify a role's privileges, select a role from the Roles list.
In the Privileges pane, click a checkbox to add or remove the privilege. Click the All privileges checkbox to add all the privileges in the group.
After you have finished modifying a role's privileges, save the changes by clicking Save or discard the changes by clicking on any role name (including the same role, reloading it).
All privileges are independent and there are no dependencies. For example, a user whose role does not have the Access Infrastructure view privilege will not be able to see the Infrastructure view icon in the GUI. However, if this user's role has the privileges Manage datacenters and View datacenter details, the user will be able to access these functions through the API.