Access Management
Autopilot implements Granular RBAC for all of its features. Autopilot integrates with the customer's authentication provider (such as LDAP or SAML) and provides role-based access control for its features to the user groups available in that authentication system. While installing Autopilot, you specify your organization's authentication system and let Autopilot connect to it. With this integration, Autopilot can read all the user groups defined in your authentication system.
Note: Autopilot doesn't provide any authentication system for its users; it leverages your organization's authentication tool. Users and user groups cannot be added through Autopilot, and all permissions are managed at the user group level.
When you integrate your organization's authentication provider with Autopilot during the installation, you also specify a list of user groups that would be marked as 'super admins' for the Autopilot resources. A super admin group is a group of user groups that can identify administrator groups for the Autopilot resources post-installation. They can also modify the administrator groups anytime in the system.
Administrators of Autopilot can override any of the user-group permissions on any of the Autopilot resources. Super admins can specify which user groups can be administrators of the Autopilot system and can also modify this group at any time. The section below provides instructions for specifying the administrator groups.
As mentioned above, only super admins can use this section to specify which user groups are given administrator rights on the Autopilot resources.
As shown in the image above, super admins click "Setup" --> "Access Management". The "Access Management" page appears as shown in the image below.
Click on the "Select Group" drop-down box and a list of all the user groups available with your organization's authentication provider appears in the drop-down.
Now select the specific user groups that will be given administrator rights on Autopilot resources, and then click the 'Save' button to save your changes, as shown in the image below.
Super admins can always come back to this page and modify the user groups (by removing an existing user group or adding new groups) that will have administrator rights on the Autopilot resources.
Access permissions for individual Autopilot resources are managed on the respective resource pages. For example, you can manage Granular RBAC for an application while creating a new application, or you can manage Granular RBAC for an integration while creating an integration on the Integrations page.
Granular RBAC is implemented on the following Autopilot features:
Integration
Agent
Audit
In addition, we have introduced the “Global Access Permissions” as a key feature of Access Management:
Administrators can create a "User Role" through which they can provide global access to one or more types of resource. For example, a user role of "Auditor" will be able to view all the Audit events coming from Applications, irrespective of the permissions specified by the application owner.
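The administrator override and the Global Access Permissions described above both give a user group access that the resource owner never granted, so an access review should list them separately from owner grants. The sketch below is an added example, not Autopilot code or its API: the group, role and resource names are constructed, access is simplified to allow or deny, and the evaluation order (administrator, then user role, then owner grant) is an assumption.

```python
# Constructed sample data: every group, role and resource name is hypothetical.
ADMIN_GROUPS = {"platform-admins"}            # chosen by the super admins
USER_ROLES = {                                # role -> (user group, resource types)
    "Auditor": ("compliance-team", {"Audit"}),
}
RESOURCE_GRANTS = {                           # (type, name) -> groups set by the owner
    ("Audit", "payments-app"): {"payments-devs"},
    ("Integration", "ticketing"): {"payments-devs", "support"},
}


def access_path(user_groups, resource):
    """Return the reason access is allowed, or None when it is denied.

    Assumed order: administrator override, global user role, owner grant.
    """
    groups = set(user_groups)
    rtype, _name = resource
    hit = sorted(groups & ADMIN_GROUPS)
    if hit:
        return f"admin:{hit[0]}"
    for role, (group, rtypes) in sorted(USER_ROLES.items()):
        if group in groups and rtype in rtypes:
            return f"role:{role}"
    hit = sorted(groups & RESOURCE_GRANTS.get(resource, set()))
    if hit:
        return f"grant:{hit[0]}"
    return None


def groups_bypassing_owner(resource):
    """Map each group that reaches `resource` without an owner grant to the reason."""
    rtype, _name = resource
    granted = RESOURCE_GRANTS.get(resource, set())
    via = {group: "admin" for group in ADMIN_GROUPS}
    for role, (group, rtypes) in USER_ROLES.items():
        if rtype in rtypes:
            via.setdefault(group, f"role:{role}")
    return {g: why for g, why in sorted(via.items()) if g not in granted}


if __name__ == "__main__":
    for res in RESOURCE_GRANTS:
        print(res, groups_bypassing_owner(res))
```

Running the review per resource shows which groups an owner should expect to see in audit trails even though they do not appear in the resource's own permission list.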
Follow the instructions below to provide Global Access Permissions to the User group:
From the application dashboard, click "Setup" --> "Access Management". This takes you to the “User Roles” page by default. If not, click the “User Roles” tab as shown in the image below.
Note: Access Management can be accessed by an “Admin” user only. A non-admin user cannot access it.
Click the “Add User Role” button to provide Global Access Permissions to the specific user group, as shown in the image below.
Provide the “User Role Name” and select the “User Group” from the drop-down list to define the application's feature access, as shown in the image below.
Turn on the toggle button to grant the feature access permissions and click the “Save” button as shown below.
The Global Access Permission is now provided to the specific user group, and the newly created user role name is listed on the page, as shown in the image below.
From the application dashboard, click "Setup" --> "Access Management". This takes you to the “User Roles” page by default. If not, click the “User Roles” tab as shown in the image below.
This page lists all the user role names available within your organization. Select the one you want to edit: click the three dots at the end of the user role name and then click "Edit", as shown in the image below.
The User Role screen appears as shown below. Edit the details as required, and click "Save".
From the application dashboard, click "Setup" --> "Access Management". This takes you to the “User Roles” page by default. If not, click the “User Roles” tab as shown in the image below.
This page lists all the user role names available within your organization. Select the one you want to delete: click the three dots at the end of the user role name and then click "Delete", as shown in the image below.
When the confirmation message appears, click "Yes, Delete it!" Refer to the image below: