Managing Roles
  • 11 Dec 2024
  • 3 Minutes to read
  • Dark
    Light
  • PDF

Managing Roles

  • Dark
    Light
  • PDF

Article summary

Implement Axonius Role Based Access Control (RBAC) by creating roles. Use the Roles page to create and manage roles.

A role is a predefined set of permissions. Each user is assigned to a specific role. This means that any changes to the role permissions affect all the users to whom the role is assigned.

To manage Roles:

  1. From the top right corner of any page, click image.png. The System Settings page opens.
  2. In the Categories/Subcategories pane of the System Settings page, expand User and Role Management, and select Roles.

RolesTable.png

You can export the roles and related permissions to a CSV file.

The Roles page displays the following:

  • Roles - the list of defined Axonius roles.
    Axonius includes the following default system roles:

    • Admin - A user with maximum permissions for all Axonius platform and product pages and capabilities.
    • Viewer - A user with 'View' permissions for all Axonius platform and product pages, and who has no access to the System Settings (including user management).
    • Restricted - A user who can view only the Dashboards page, and who has no access to all other pages and capabilities.
    • No Access - A user with no permissions.
      In addition, all roles the admin defined appear here.
    Note:
    • System roles cannot be edited.
    • A system role can be duplicated and configured by a user who has the required set of permissions.
  • Users - The number of users in the system with that role. This does not include Service Accounts. Click on a number to open the Asset Profile page and display a list of users with that role.

  • Service Accounts - The number of Service Accounts this role can access. Click the blue number to view the Service Accounts page filtered on this role.

  • Roles categories and permissions levels - A role consists of multiple categories. Each category consists of a different set of permissions.

    • The Permissions List describes the permission and behavior for each category and permission.
    • Each category is summarized to one of the following levels:
      • No Access - None of the permissions within the category are enabled.
      • Partial Access - Some of permissions within the category are enabled.
      • Full Access - All of permissions within the category are enabled.
Note:

All logged-in Axonius users can view certain basic information regardless of their associated roles. This includes the names of Adapters, any Adapter Labels, and the names of Axonius nodes.

Adding a New Role

  1. From the Roles page, click Add Role.

  2. The New Role drawer opens.

NewRole2

  1. Provide a name for the role and select the permission level for each permission category.

    Note:
    1. It is suggested to allow 'View dashboard' to all users.
    2. Assigning a user with a role that provides permissions to add and to edit users and roles will allow that user to create any user type with any permission level.
  2. Click Save.

    Note:
    If you are using an Identity Provider Login, for example SAML, any user logging in for the first time will be automatically added to the users list and assigned a role based on the configured role assignment rules. For details, see Identity Provider Settings .

Duplicating an Existing Role

To duplicate an existing role:

  1. From the Roles page, click the role you want to duplicate; the New Role drawer opens.

DEuplicateRole.png

  1. On the right side of the drawer, click the duplicate ( image.png ) icon.
  2. Change the permission name or desired permissions.
  3. Click Save.

Updating an Existing Role

  1. From the Roles page, click the role you want to update; the Manage Role drawer opens.

DEuplicateRole.png

  1. On the right side of the drawer click the edit ( image.png ) icon.
  2. Change the permission name or desired permissions.
  3. Click Save.
Note:
Changing the role permissions affects all users and logouts all impacted users.

Deleting an Existing Role

  1. From the Roles page, click the role you want to delete; the Manage Role drawer opens.

DEuplicateRole.png

  1. On the right side of the drawer, click the Delete ( image.png ) icon.
Note:
  • A Role can be deleted only if it is not assigned to any user.
  • Default system roles cannot be deleted.

Filtering by Role Type

You can find all users with a specific role type.

  1. Click on the Role drop down box. All the role types that are configured on the system are displayed, both the system roles and the user configured roles. This does not include service accounts.

    RoleTypes.png

  2. Choose one or more role types. The role types you chose are displayed.

  • Click Clear All to clear all of your selections. Use Reset to clear the search.

For general information about working with tables refer to Working with Tables.



Was this article helpful?