# Creating and using Roles

For a demo example of following steps, here is the policy timestamp: **1675164531.823309003**

### **User roles usage in Policies**

#### **An example of creating and using Roles in Policy**

1. Switch to the Roles tab

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F8bbYcwXQdtQTrhyxGUhl%2Fimage.png?alt=media&#x26;token=fc470265-1d3a-487e-a5c6-5d81cfa54ac5" alt=""><figcaption></figcaption></figure>

2. Create 2 new roles called ‘**Example role 1***’ and* ‘***Example role 2***’

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F46JK7QrP4651spyiwMWg%2Fimage.png?alt=media&#x26;token=732ff027-2c17-4dc7-9563-1127f6fa4d35" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FeQRvQsICVudEUcfID578%2Fimage.png?alt=media&#x26;token=da380441-974f-4dc5-bcf6-f9e98be210a2" alt=""><figcaption></figcaption></figure>

3. In the root container create 4 more ’**interfaceContainerBlock***’* container called ‘**no\_role***’*, ‘**owner***’*, ‘**role\_1***’ and ‘***role\_2***’*

![](https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F4bARjPZC9BQj4b3rXUlJ%2Fimage.png?alt=media\&token=6b54a1ed-1b35-4bfb-8d0d-775b09455b4e)

{% hint style="info" %}
**Note:** By default all containers would have ‘*Any Role’* set and thus they would be visible to all users (with all roles)
{% endhint %}

4. Change the ‘Permissions’ properties in each container in the following way:

* no\_role: No Role
* owner: Owner
* role\_1: Example role 1
* role\_2: Example role 2

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FRVmGH9VyAqO05U19fYdd%2Fimage.png?alt=media&#x26;token=dc2f7bcf-a955-4ff8-955b-a0492ab61add" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FHJzq019JoEGQSOrrMst5%2Fimage.png?alt=media&#x26;token=abecd744-9ef6-43f9-ab9f-d3b3fe0be897" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2F2vvdM1qYy46uI2enNpxA%2Fimage.png?alt=media&#x26;token=a0bf3d5a-682a-4d4f-b172-9013d2af3365" alt=""><figcaption></figcaption></figure>

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FF8uJSEwl8zLleLmymfGK%2Fimage.png?alt=media&#x26;token=75e59252-da13-402f-8d85-1465085728c4" alt=""><figcaption></figcaption></figure>

This would result in the following visibility of containers:

* The first container (called ’no role’) would be visible only to new users which have no role assigned to them
* The ‘owner’ container would be visible only to the Standard Registry which created (or imported) this policy
* The ‘role 1’ container would be visible only to users with ‘*Example role 1’*
* The ‘role 2’ container would be visible only to users with ‘*Example role 2’*

5. Add a ‘**policyRolesBlock***’* to the ‘*no\_role’* container and name it ‘*choose\_role’*

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2Fj3JGpIpyrtneF2womJow%2Fimage.png?alt=media&#x26;token=9fa232db-84a9-440d-8203-de5e9648556b" alt=""><figcaption></figcaption></figure>

Since this block is located inside the container ‘*no\_role*’ which has ‘*No role*’ permission setting it would only be visible to new users without an assigned role.

6. The ‘**Available Roles***’* property allows to configure which roles would be available to users to chose from at this stage of the Policy workflow

Select ‘**Example role 1***’ and* ‘**Example role 2***’*

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FGpZ5MuQl1L7L1L4smqEM%2Fimage.png?alt=media&#x26;token=486199c5-060f-42f6-9653-07e6e7af0052" alt=""><figcaption></figcaption></figure>

7. Add ‘**informationBlock**’ to other containers just to display results

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2Ftq01D8kCPieNQek9Tt7l%2Fimage.png?alt=media&#x26;token=308b62d5-c15a-4399-b33a-0505c02130b5" alt=""><figcaption></figcaption></figure>

#### **Results**:

1. New users would end up on the policy choice form upon entering the policy

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FXqPQ5fTuQ3CXsnO42qjw%2Fimage.png?alt=media&#x26;token=8b12ab2b-6e94-4040-935f-03395079fb3c" alt=""><figcaption></figcaption></figure>

2. After the selection of the role users would see only 1 container corresponding to their roles

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2FssqyG80tto9PNLgJvGEn%2Fimage.png?alt=media&#x26;token=6845481f-6402-4bc7-8222-98b43c1de830" alt=""><figcaption></figcaption></figure>

3. The owner of the Policy (the Standard Registry user) upon executing the policy would skip the role selection form and would immediately end-up in the corresponding container

<figure><img src="https://3006114282-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FXVOaWpJKxLZf1Tee9eCO%2Fuploads%2Fw68vp33F9B1xXowu4nB9%2Fimage.png?alt=media&#x26;token=e159afcf-e759-4496-aacf-497b93e8644a" alt=""><figcaption></figcaption></figure>