Roles are associated with privileges, and these privileges can be managed on the Privileges tab of the Roles screen. See Privileges for a complete list
A user whose role has permission to Manage privileges can modify a role's privileges. To modify a role's privileges, select a role from the list. You can only manage privileges if they are assigned to your own role. If you do not have a privilege you cannot assign or modify that privilege for another role. You cannot modify the privileges of your own role. You cannot modify the privileges of the default Cloud Admin user's role (CLOUD_ADMIN) because this role are locked.
The privileges are organized into logical groups with a separate panel header for each group. Click a panel header to open the panel. The panel header for each group will display the number of privileges assigned to the role in that group with the word "(modified)" if changes have been made.
Click a checkbox to add or remove a privilege. Click the ALL checkbox to add all the privileges in the group.
Before you save your changes with the Save button, these changes will appear in different colors: green for added privileges and red for deleted ones. After you have finished modifying a role's privileges, click Save or Discard changes.
All privileges are independent and there are no dependencies. For example, a user whose role does not have the Access Infrastructure view privilege will not be able to see the Infrastructure view icon in the GUI. However, if this user's role has the privileges Manage datacenters and View datacenter details, the user will be able to access these functions through the API.