Role-Based Access Control
Manage user permissions in ThreatKey using roles and privileges. Align access with user responsibilities.
Overview
ThreatKey provides role-based access control (RBAC) to manage permissions across the platform. RBAC aligns user access with their responsibilities.
With RBAC, admins create roles that bundle permissions. Users are assigned to roles to inherit the correct access. This simplifies permission management for organizations.
Key Concepts
Roles - Named collections of privileges like "Admin" or "Auditor". Roles streamline access management.
Privileges - Permissions to access parts of ThreatKey like dashboards, reports, and settings. Roles combine relevant privileges.
Users - Individuals requiring access to ThreatKey. Users are assigned to roles based on their responsibilities.
Admins - Special users that can manage roles, privileges, and other user assignments.
Implementation
Role Creation - Admins define new roles by choosing a name and selecting privileges like analytics, Incident response, administration etc.
User Assignment - Users are assigned to the standard role that best fits their job function. This grants them the necessary access through the role's privileges.
Dynamic Access - As user roles change, admins simply re-assign them to a new role to realign their access. No individual privilege adjustments needed.
Benefits
- Simplified administration of user permissions
- Accuracy of access aligned to user needs
- Avoidance of privilege creep or improper access
- Adaptability to changing user roles
- Increased visibility into user responsibilities
RBAC is a best practice for user access management with ThreatKey. Roles allow the right access for each user.
Additional Resources
- Role and privilege definitions
- How to create a custom role
- Best practices for access management