6.2: Role Based Access Control

Release Version 6.5.3

Role-Based Access Control (RBAC) helps you manage who has access to Indeni resources and what operations they can do with those resources. Indeni supports two user privileges; Administrator and Read-Only. The Administrator role can control all aspects of the system, including assigning different roles with different privileges to users. The Read-Only role provides an access control category which permits a user to log into Indeni with restricted functions. Typically, a Read-Only role is assigned to an operator.

Indeni maintains at least one local administrator account and will not allow users to delete it. Please contact Indeni Support if you need assistance resetting the local administrator account.

Selecting Permissions for Specific Actions

Each non-admin role can be configured with a custom set of actions and screens. 

Selecting a permission enables it, allowing the user to access the relevant function.

Show Button

The Show button is unique in the sense that it is the only button which does not exert control over a specific UI function. Instead, the Show button allows access to the page from which the relevant UI functions can be carried out.

Note: The Show button is automatically selected whenever any permission for a specific action is selected. The Show button cannot be de-selected if even a single permission was selected for the Action in question – see screenshot below

Configuring User Level Privileges

Please Note: Only Administrator Level Users can change permission levels and assign roles to Users.

To configure RBAC for an individual local user, navigate to the Settings Section, select Roles, then select the user you want to assign a user privilege to. In this example, the user ‘foo’ is assigned Read Only privilege.

Configuring User Privileges at Group level

An Administrator can also assign roles to groups. For example, if there are 100 users within an Indeni user group, assigning roles to a group will simplify the user management.

You can configure RBAC for a group by scrolling down to the to the Groups Section, and assign the relevant groups to the specified role.

Operational Privileges

The table below summarizes the RBAC privileges the two user types we will have:

 FunctionsAdministratorRead-Only
IssuesView summary, Current, Archived issues & Indeni Rules (Including Adding Notes to Current Issues)
Archive and Unarchive Issues
Issue Administration (e.g. Change Thresholds, Disable Rules)
AnalysisCreate Analysis Charts
DevicesIssue Administration (e.g. Change Thresholds, Disable Rules)
Device Administration - Suspend & Resume
View Device Information & Run Report
Backup Administration (Create, Update and Delete Backup List)
View Backup Jobs and Retrieve Backup Files
SettingsCreate Analysis Charts
System Administration (Including Upgrades)
Integrations
User Administration
InDEView Automation Scripts
OtherSend Support Tickets through the User Interface

Read-Only Privilege

Users with Read-Only access cannot perform any UI functions and cannot access configuration screens. The following functions cannot be accessed by Read-Only Roles

  1. Analysis and reports
    * Viewing existing reports or creating new ones
  2. Credential Management
    * Viewing, creating or editing credential sets
  3. Devices:
    * Adding or removing devices
    *Creating, removing or modifying labels
  4. Issue administration:
    * Configuring the issue settings (e.g. severity, thresholds).
  5. Rules:
    * Creating or deleting rules
    * Disabling rules
  6. Backups
    * Creating, deleting or editing backup jobs
  7. About
    *
    Updating system version
  8. Integrations
    * Creating, editing or deleting integrations
  9. Authentication
    * Creating, editing or deleting authentications
  10. Users
    * Creating, editing or removing users
  11. Application Settings
    * Edit application settings

Version Migration

When you migrate from a previous version of Indeni, existing users will remain as administrative users. Indeni will no try to “guess” which users should maintain administrative privileges and which users should have read-only access. The administrator is expected to reset the appropriate privileges.