6.2 Role Based Access Control
Role-Based Access Control (RBAC) helps you manage who has access to Indeni resources and what operations they can perform on those resources. Indeni supports two user-defined user privileges: Administrator and Read-Only. The Administrator role can control all aspects of the system, including assigning different roles with different privileges to users. The Read-Only role provides an access control category which permits a user to log into Indeni with restricted functions. Typically, a Read-Only role is assigned to an operator. You can also create as many as 100 custom roles in the system.
Indeni maintains at least one local administrator account and will not allow users to delete it. Please contact Indeni Support if you need assistance resetting the local administrator account.
Selecting Permissions for Specific Actions
Each non-admin role can be configured with a custom set of actions and screens.
Selecting a permission enables it, allowing the user to access the relevant function.
Show Button
The Show button is unique in the sense that it is the only button which does not exert control over a specific UI function. Instead, the Show button allows access to the page from which the relevant UI functions can be carried out.
Note: The Show button is automatically selected whenever any permission for a specific action is selected. The Show button cannot be de-selected if even a single permission was selected for the Action in question (see screenshot below).
Configuring User Level Privileges
Please Note: Only Administrator Level Users can change permission levels and assign roles to Users.
To configure RBAC for an individual local user, navigate to the Settings Section, select Users, then select the user you want to assign a user privilege to. In this example, the user ‘foo’ is assigned the Read-Only privilege.
Configuring User Privileges at Group level
An Administrator can also assign roles to groups. For example, if there are 100 users within an Indeni user group, assigning roles to the group simplifies user management.
You can configure RBAC for a group by scrolling down to the Groups Section and assigning the relevant groups to the specified role.
Operational Privileges
The table below summarizes the RBAC privileges of the two user types:
Read-Only Privilege
Users with Read-Only access cannot perform any UI functions and cannot access configuration screens. The following functions cannot be accessed by Read-Only Roles:
- Analysis and reports
  * Viewing existing reports or creating new ones
- Credential Management
  * Viewing, creating or editing credential sets
- Devices:
  * Adding or removing devices
  * Creating, removing or modifying labels
- Issue administration:
  * Configuring the issue settings (e.g. severity, thresholds).
- Rules:
  * Creating or deleting rules
  * Disabling rules
- Backups
  * Creating, deleting or editing backup jobs
- About
  * Updating system version
- Integrations
  * Creating, editing or deleting integrations
- Authentication
  * Creating, editing or deleting authentications
- Users
  * Creating, editing or removing users
- Application Settings
  * Edit application settings
Version Migration
When you migrate from a previous version of Indeni, existing users will remain as administrative users. Indeni will not try to “guess” which users should maintain administrative privileges and which users should have read-only access. The administrator is expected to reset the appropriate privileges.
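One way to plan the privilege reset described above, as an added example that is not Indeni's own code. It assumes the post-migration user list has been written out as CSV with hypothetical columns username, type and role, and that users nobody has reviewed should fall back to Read-Only rather than keep Administrator.

```python
import csv
import io

# Constructed sample of a post-migration user list. The column names are
# assumptions for this example, not an Indeni export format.
MIGRATED_USERS = """username,type,role
admin,local,Administrator
foo,local,Administrator
alice,external,Administrator
bob,external,Administrator
"""

# Constructed sample: the role each reviewed user should hold.
INTENDED_ROLES = {"admin": "Administrator", "foo": "Read-Only",
                  "alice": "Administrator"}


def plan_privilege_reset(users_csv, intended, default_role="Read-Only"):
    """Return (changes, unreviewed) for a post-migration role review.

    changes    -- (username, current_role, target_role) tuples to apply.
    unreviewed -- users absent from `intended`; they fall back to
                  default_role instead of silently keeping Administrator.
    """
    changes, unreviewed, final = [], [], []
    for user in csv.DictReader(io.StringIO(users_csv)):
        target = intended.get(user["username"])
        if target is None:
            unreviewed.append(user["username"])
            target = default_role
        if user["role"] != target:
            changes.append((user["username"], user["role"], target))
        final.append((user["type"], target))
    # Keep at least one local Administrator, matching the product's own rule.
    if ("local", "Administrator") not in final:
        raise ValueError("plan would leave no local Administrator account")
    return changes, unreviewed


if __name__ == "__main__":
    changes, unreviewed = plan_privilege_reset(MIGRATED_USERS, INTENDED_ROLES)
    for name, current, target in changes:
        print(f"{name}: {current} -> {target}")
    print("not reviewed, defaulted to Read-Only:", unreviewed)
```

The resulting change list is applied by an Administrator through the Users and Groups settings described earlier.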