Release Version 6.4.1
Role-Based Access Control (RBAC) helps you manage who has access to Indeni resources and which operations they can perform on those resources. Indeni supports two user privileges: Administrator and Read-Only. The Administrator role can control all aspects of the system, including assigning different roles with different privileges to users. The Read-Only role provides an access control category that permits a user to log into Indeni with restricted functions. Typically, a Read-Only role is assigned to an operator.
Indeni maintains at least one local administrator account and will not allow users to delete it. Please contact Indeni Support if you need assistance resetting the local administrator account.
Configuring User Level Privileges
Please Note: Only Administrator Level Users can change permission levels and assign roles to Users.
To configure RBAC for an individual local user, navigate to the Settings Icon, select Authentication and click on Local, then select the user you want to assign a user privilege to. In this example, the user ‘foo’ is assigned the Read-Only privilege.
Configuring User Privileges at Group level
An Administrator can also assign roles to LDAP groups. For example, if there are 100 users within an LDAP group, assigning the role to the group simplifies user management.
You can configure RBAC for an LDAP group by navigating to the Settings Icon, selecting Authentication and clicking on CA (Centralized Authentication), then choosing the LDAP group you want to assign user privileges to. In this example, the LDAP group “Users” is assigned the Read-Only privilege.
Please Note: The user privilege is associated with the LDAP group. You cannot change a role at the individual user level. To change the role on a per-user basis, you can either move the user to a different LDAP group or define a local user.
The table below summarizes the RBAC privileges of the two user types:
| Area | Function | Administrator | Read-Only |
|---|---|---|---|
| Issues | View summary, Current, Archived issues & Indeni Rules (Including Adding Notes to Current Issues) | √ | √ |
| | Archive and Unarchive Issues | √ | √ |
| | Issue/Alert Administration (e.g. Change Thresholds, Disable Rules) | √ | |
| Analysis | Create Analysis Charts | √ | √ |
| Devices | Issue/Alert Administration (e.g. Change Thresholds, Disable Rules) | √ | |
| | Device Administration - Suspend & Resume | √ | √ |
| | View Device Information & Run Report | √ | √ |
| | Backup Administration (Create, Update and Delete Backup List) | √ | |
| | View Backup Jobs and Retrieve Backup Files | √ | √ |
| Settings | Create Analysis Charts | √ | √ |
| | System Administration (Including Upgrades) | √ | |
| InDE | View Automation Scripts | √ | √ |
| Other | Send Support Tickets through the User Interface | √ | √ |
Users with Read-Only access cannot perform the functions listed below, which are therefore hidden from them by default.
- System Administration:
* Configuring LDAP.
* Configuring Integration.
- User Administration:
* Although a read-only user cannot add, delete or change user account information, they can change their own preferences for receiving issues via email, based on the criticality of the issue.
- Device administration:
* Adding or removing devices.
* Configuring device settings (credentials, device names and IP addresses).
* Creating, removing or modifying labels.
* Configuring backup.
- Issue administration:
* Configuring the alert settings (e.g. severity, thresholds).
Migration Considerations
When you migrate from a previous version of Indeni, existing users will remain as administrative users. Indeni will not try to “guess” which users should maintain administrative privileges and which users should have read-only access. The administrator is expected to reset the appropriate privileges.