Part 6.2: Role Based Access Control

Release Version 6.4.1

Role-Based Access Control (RBAC) helps you manage who has access to Indeni resources and which operations they can perform on those resources. Indeni supports two user privileges: Administrator and Read-Only. The Administrator role can control all aspects of the system, including assigning different roles with different privileges to users. The Read-Only role provides an access control category that permits a user to log into Indeni with restricted functions. Typically, a Read-Only role is assigned to an operator.

Indeni maintains at least one local administrator account and will not allow users to delete it. Please contact Indeni Support if you need assistance resetting the local administrator account.

Configuring User Level Privileges

Please Note: Only Administrator Level Users can change permission levels and assign roles to Users.

To configure RBAC for an individual local user, navigate to the Settings Icon, select Authentication and click on Local, then select the user you want to assign a user privilege to. In this example, the user ‘foo’ is assigned the Read-Only privilege.

Configuring User Privileges at Group level

An Administrator can also assign roles to LDAP groups. For example, if there are 100 users within an LDAP group, assigning a role to the group simplifies user management.

To configure RBAC for an LDAP group, navigate to the Settings Icon, select Authentication and click on CA (Centralized Authentication), then choose the LDAP group you want to assign user privileges to. In this example, the LDAP group “Users” is assigned the Read-Only privilege.

Please Note: The user privilege is associated with the LDAP group. You cannot change a role at the individual user level. To change the role on a per-user basis, you can either move the user to a different LDAP group or define a local user.

Operational Privileges

The table below summarizes the RBAC privileges of the two user types:

| | Functions | Administrator | Read-Only |
|---|---|---|---|
| Issues | View summary, Current, Archived issues & Indeni Rules (Including Adding Notes to Current Issues) | | |
| | Archive and Unarchive Issues | | |
| | Issue/Alert Administration (e.g. Change Thresholds, Disable Rules) | | |
| Analysis | Create Analysis Charts | | |
| Devices | Issue/Alert Administration (e.g. Change Thresholds, Disable Rules) | | |
| | Device Administration - Suspend & Resume | | |
| | View Device Information & Run Report | | |
| | Backup Administration (Create, Update and Delete Backup List) | | |
| | View Backup Jobs and Retrieve Backup Files | | |
| Settings | Create Analysis Charts | | |
| | System Administration (Including Upgrades) | | |
| | Integrations | | |
| | User Administration | | |
| InDE | View Automation Scripts | | |
| Other | Send Support Tickets through the User Interface | | |

Read-Only Privilege

Users with Read-Only access cannot perform the functions listed below, which are therefore hidden by default.

  1. System Administration:
    * Configuring LDAP.
    * Configuring Integration.
  2. User Administration:
    * Although a read-only user cannot add, delete or change user account information, they can change their preferences for receiving issues via email, based on the criticality of the issue.
  3. Device administration:
    * Adding or removing devices.
    * Configuring device settings (credentials, device names and IP addresses).
    * Creating, removing or modifying labels.
    * Configuring backup.
  4. Issue administration:
    * Configuring the alert settings (e.g. severity, thresholds).

Migration Considerations

Version Migration

When you migrate from a previous version of Indeni, existing users will remain as administrative users. Indeni will not try to “guess” which users should maintain administrative privileges and which users should have read-only access. The administrator is expected to reset the appropriate privileges.