Managing Roles

Implement Axonius Role Based Access Control (RBAC) by creating roles. Use the Roles page to create and manage roles.
A role is a predefined set of permissions. Each user is assigned to a specific role. This means that any changes to the role permissions affect all the users to whom the role is assigned.
To manage Roles:

1. From the top right corner of any page, click . The System Settings page opens.
2. In the Categories/Subcategories pane of the System Settings page, expand User and Role Management, and select Roles.

The Roles page displays the following:

• Roles - the list of defined Axonius roles.
  Axonius includes the following default system roles:
  • Admin - A user with maximum permissions for all Axonius platform and product pages and capabilities.
  • Viewer - A user with 'View' permissions for all Axonius platform and product pages, and who has no access to the System Settings (including user management).
  • Restricted - A user who can view only the Dashboards page, and who has no access to all other pages and capabilities.
  • No Access - A user with no permissions.
    In addition, all roles the admin defined appear here.

• Users - The number of users in the system with that role. This does not include Service Accounts. Click on a number to open the Asset Profile page and display a list of users with that role.

• Service Accounts - The number of Service Accounts this role can access. Click the blue number to view the Service Accounts page filtered on this role.

• Roles categories and permissions levels - A role consists of multiple categories. Each category consists of a different set of permissions.

  • The Permissions List describes the permission and behavior for each category and permission.
  • Each category is summarized to one of the following levels:
    • No Access - None of the permissions within the category are enabled.
    • Partial Access - Some of permissions within the category are enabled.
    • Full Access - All of permissions within the category are enabled.

Adding a New Role

1. From the Roles page, click Add Role.

2. The New Role drawer opens.

3. Provide a name for the role and select the permission level for each permission category.

   Note:

   1. It is suggested to allow 'View dashboard' to all users.
   2. Assigning a user with a role that provides permissions to add and to edit users and roles will allow that user to create any user type with any permission level.

4. Click Save.

   Note:

   If you are using an Identity Provider Login, for example SAML, any user logging in for the first time will be automatically added to the users list and assigned a role based on the configured role assignment rules. For details, see Identity Provider Settings .

Duplicating an Existing Role

To duplicate an existing role:

1. From the Roles page, click the role you want to duplicate; the New Role drawer opens.

2. On the right side of the drawer, click the duplicate ( ) icon.
3. Change the permission name or desired permissions.
4. Click Save.

Updating an Existing Role

1. From the Roles page, click the role you want to update; the Manage Role drawer opens.

3. On the right side of the drawer click the edit ( ) icon.
4. Change the permission name or desired permissions.
5. Click Save.

Deleting an Existing Role

1. From the Roles page, click the role you want to delete; the Manage Role drawer opens.

2. On the right side of the drawer, click the Delete ( ) icon.

Filtering by Role Type

You can find all users with a specific role type.

1. Click on the Role drop down box. All the role types that are configured on the system are displayed, both the system roles and the user configured roles. This does not include service accounts.

   

2. Choose one or more role types. The role types you chose are displayed.

• Click Clear All to clear all of your selections. Use Reset to clear the search.