Using ZAC, it is easy to assign edgeRouterRoles to a zrok environment (ziti id).
I am looking for a way to specify a default user's role at the user account level in zrok, such that all new user’s environments have this role upon creation.
Looking for a way to make edgeRouterRoles work with zrok agent enroll/unenroll.
You want to configure your self-hosted zrok controller at the zrok account level such that specific Ziti Identity role attributes are assigned to the Ziti Identity that's generated when you enable a zrok environment, correct?
Correction: only Identity Role (Attributes) can be assigned to a Ziti Identity. The edgeRouterRoles you mentioned are always Ziti Edge Router Roles (Attributes). This property name exists on policy types that grant to Ziti Edge Routers, e.g., a Ziti Edge Router Policy (ERP).
Yes. I would like to do so.
The essential problem is the zrok user's environments (ziti identities). When a user creates a new environment, the corresponding ziti identity will have the default #all role. I'm interested in setting a specific default role in Edge Router Policies depending on a particular zrok account.
Similarly, every time a user executes zrok agent enroll, the corresponding Service Router Policy will have the default #all role instead of a specific one. So I need to keep an eye on these policies and modify them accordingly.