Axonius Documentation
Start typing to search…

Permissions List

Permissions are the building blocks for Axonius Role Based Access Control (RBAC). Each role consists of a collection of permissions for various elements in the system. Each user is assigned to a specific role. Each role consists of the following categories and each category consists of different set of permissions. The table below describes the behavior for each category and permission. Absence of permissions for specific items may mean that elements in the system are not displayed, or disabled, depending on the definitions of that permission.

Global Actions

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Save data analyticsData AnalyticsData Analytics page, ReportsHidden
Enable Support Center linkAll pages in the systemTop pane - Help and Support icon (?)Hidden

API Access

PermissionUI PageUI ComponentBehavior (when permission is disabled)
API Access enabledN/AN/AThe user cannot log in via the API
API Access enabledUser settings tabAPI Key tabHidden
Reset API KeyAccount SettingsReset Key buttonHidden

Asset Investigation

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit tracked fieldsAsset Investigation FieldsButtonDisabled
View asset investigationDevices/UsersButtonHidden
Delete saved queriesQueriesPublic query - Delete button (drawer)Hidden
Create saved queriesAsset InvestigationSave Query dialogDisabled
Edit saved queriesQueriesEdit button (drawer)Hidden
Run saved queriesAsset Investigation/QueriesRun Query button (drawer)Disabled

System and User Management

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSVSystem SettingsExport CSV buttonDisabled
View system settingsAll pagesSystem Settings buttonDisabled
View system settingsSystem SettingsPageNot accessible
View system settingsSystem SettingsLifecycle SettingsNot accessible
View system settingsSystem SettingsGlobal SettingsNot accessible
View system settingsSystem SettingsGUI SettingsNot accessible
View system settingsSystem SettingsIdentity Providers SettingsNot accessible
View system settingsSystem SettingsTunnel SettingsNot accessible
View user accounts and rolesSystem SettingsIdentity Providers SettingsNot accessible
View user accounts and rolesSystem SettingsManage Users tabHidden
View user accounts and rolesSystem SettingsManage Roles tabHidden
View user accounts and rolesAxonius DashboardEdit dashboard radio button selectionDisabled
Add userSystem Settings - Manage Users tabAdd User buttonDisabled
Add userSystem Settings - Manage Users tabDrawerDisabled
Edit usersSystem Settings - Manage Users tabDrawerDisabled
Edit usersSystem Settings - Manage Users tabAssign role option (Actions menu)Hidden
Delete userSystem Settings - Manage Users tabDelete user option (Actions menu)Hidden
Delete userSystem Settings - Manage Users tabDelete user button (from drawer)Hidden
Add roleSystem Settings - Manage Roles tabAdd role buttonDisabled
Add roleSystem Settings - Manage Roles tabDuplicate role button (from drawer)Hidden
Edit rolesSystem Settings - Manage Roles tabDrawerDisabled
Edit rolesSystem SettingsIdentity Providers SettingsDisabled
Update system settingsSystem Settings - all tabsSave buttonsDisabled
Update system settingsSystem Settings - all tabsAll fieldsDisabled
Update system settingsDevicesEdit System ViewHidden
Update system settingsUsersEdit System ViewHidden
Run manual discovery cycleAll pagesRun Discovery buttonDisabled
View NotificationsAll PagesNotification iconDisabled
Manage Service AccountsSystem SettingsManage Service AccountsDisabled
Manage admin usersSystem Settings - Manage Users tabUser tableAdmin role hidden
Manage admin usersSystem Settings - Manage Users tabRole Assignment Drop-downAdmin role hidden
Manage admin usersSystem Settings - Manage Roles tabRoles tableAdmin role hidden
Manage admin usersSystem Settings - Identity Providers Settings tabDefault Role for new SAML/LADPAdmin role hidden
Manage admin usersSystem Settings - Identity Providers Settings tabRole Assignment Rules SAML/LADPAdmin role hidden
Manage gatewaysSystem Settings - GatewaysGatewaysGateways hidden

Dashboard

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View dashboardAll pagesLeft navigation menu - Dashboard iconDisabled
View dashboardAxonius DashboardPageNot accessible
View dashboardReport ConfigurationDashboard selectionOption is not available
Delete chartAxonius DashboardChart menu - DeleteHidden
Add chartAxonius DashboardAdd chart (+ card)Hidden
Add chartAxonius DashboardChart menu - Move and CopyLimited to Move
Edit chartsAxonius DashboardChart menu - EditHidden
Edit chartsAxonius DashboardChart menu - Move and CopyLimited to Copy
Edit chartsAxonius DashboardDrag and resize chartsDisabled
Export to CSVAxonius DashboardExport options in chartsDisabled
Add and edit dashboardAxonius DashboardAdd dashboard (+)Hidden
Add and edit dashboardAxonius DashboardDashboard menu - EditHidden
Delete dashboardAxonius DashboardDashboard menu - DeleteHidden
Export dashboardAxonius DashboardDashboard menu - ExportHidden
Import dashboardAxonius DashboardDashboard menu - ImportHidden
Set Data Scope DefaultsDashboard ManagerDashboard menu - Date Scope DefaultHidden
Manage dashboard foldersAxonius DashboardDashboard listHidden
Refresh dashboardAxonius DashboardDashboard menu - RefreshHidden
Add and edit private dashboardsAxonius DashboardAdd dashboard (+)Hidden
Add and edit for all data scopesAxonius DashboardAdd dashboard (+)Hidden

Device Assets

📘

Note:

Permissions are configured separately for each asset type in Axonius. The permissions available for each asset are similar to those detailed below for Device and User assets. Refer to the list of Asset Types for the full list of assets which each need these permissions configured.

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit device relationshipsAsset GraphGraphDisabled (edit relationships)
Export to CSVAll Device pages with a CSV Export optionExport CSV buttonDisabled
View devicesAll pagesLeft navigation menu - Devices iconDisabled
View devicesDevicesPageNot accessible
View devicesAxonius DashboardSearch barSearch will not apply on device assets
View devicesAxonius DashboardChartsSelecting devices is not available
View devicesAxonius DashboardChart configurationSelecting devices saved queries is not available
View devicesCloud Asset ComplianceShow affected devices buttonDisabled (only for devices)
Create, delete, and linkDevicesBulk selection (checkboxes)Hidden
Create, delete, and linkDevicesActions menuDisabled
Create, delete, and linkDevicesAll actions: link, unlink, delete...Not accessible
Edit tags and custom dataDevicesBulk selection (checkboxes)Hidden
Edit tags and custom dataDevicesActions menuDisabled
Edit tags and custom dataDevicesAll actions: tag and custom dataNot accessible
Edit tags and custom dataDevice Profile - Tags tabCreate/Edit/Delete tagsDisabled
Edit tags and custom dataDevice Profile - Custom dataCreate/Edit/Delete custom dataDisabled
Manage notesDevice Profile - Notes tabCreate/Edit/Delete notesDisabled
Run saved queriesQueriesRun Query button (drawer)Disabled
Run saved queriesDevicessearch bar - saved queries in the query searchHidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesDevicesSave - for saved queriesDisabled
Edit saved queriesDevicesRename saved queryDisabled
Delete saved queryQueriesPublic query - Delete button (drawer)Hidden
Delete saved queryQueriesDelete button (bulk selection)Hidden
Delete saved queryQueriesBulk selection (checkboxes)Hidden
Create saved queryQueriesPrivate query - Set Public button (drawer)Hidden
Create saved queryDevicesPrivate query checkbox (Save Query dialog)Disabled (and selected)

User Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit users relationshipsAsset GraphGraphDisabled (edit relationships)
Export to CSVDevice pages with a CSV Export optionExport CSV buttonDisabled
View usersAll pagesLeft navigation menu - Users iconDisabled
View usersUsersPageNot accessible
View usersAxonius DashboardSearch barSearch will not apply on user assets
View usersAxonius DashboardChartsSelecting users is not available
View usersAxonius DashboardChart configurationSelecting users saved queries is not available
View usersCloud Asset ComplianceShow affected users buttonDisabled (only for users)
Create, delete, and linkUsersBulk selection (checkboxes)Hidden
Create, delete, and linkUsersActions menuDisabled
Create, delete, and linkUsersAll actions: link, unlink, delete...Not accessible
Edit tags and custom dataUsersBulk selection (checkboxes)Hidden
Edit tags and custom dataUsersActions menuDisabled
Edit tags and custom dataUsersAll actions: tag and custom dataDisabled
Edit tags and custom dataUsers Profile - TagsCreate/Edit/Delete tagsDisabled
Edit tags and custom dataUsers Profile - Custom dataCreate/Edit/Delete custom dataDisabled
Manage notesUser Profile - Notes tabCreate/Edit/Delete notesDisabled
Run saved queriesSaved QueriesRun Query button (drawer)Disabled
Run saved queriesUserssearch bar - saved queries in the query searchHidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesUsersSave - for saved queriesDisabled
Edit saved queriesUsersRename saved queryDisabled
Delete saved queryQueriesDelete button (drawer)Hidden
Delete saved queryQueriesDelete button (bulk selection)Hidden
Delete saved queryQueriesBulk selection (checkboxes)Hidden
Create saved queryQueriesPrivate query - Set Public button (drawer)Hidden
Create saved queryUsersPrivate query checkbox (Save Query dialog)Disabled (and selected)

Vulnerability Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit software relationshipsAsset GraphGraphDisabled (edit relationships)
Export to CSVVulnerability pages with a CSV Export optionExport CSV buttonDisabled
View vulnerabilitiesAll pagesLeft navigation menu - Vulnerabilities iconDisabled
View vulnerabilitiesVulnerabilitiesPageNot accessible
Create, delete, and linkVulnerabilitiesBulk selection (checkboxes)Hidden
Create, delete, and linkVulnerabilitiesActions menuDisabled
Create, delete, and linkVulnerabilitiesAll actions: link, unlink, delete...Not accessible
Edit tags and custom dataVulnerabilitiesBulk selection (checkboxes)Hidden
Edit tags and custom dataVulnerabilitiesActions menuDisabled
Edit tags and custom dataVulnerabilitiesAll actions: tag and custom dataDisabled
Edit tags and custom dataVulnerabilities Profile - Tags tab Profile - Custom dataCreate/Edit/Delete tagsDisabled
Edit tags and custom dataVulnerabilitiesCreate/Edit/Delete custom dataDisabled
Run saved queriesQueriesRun Query button (drawer)Disabled
Run saved queriesVulnerabilitiessearch bar - saved queries in the query searchHidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesVulnerabilitiesSave - for saved queriesDisabled
Edit saved queriesVulnerabilitiesRename saved queryDisabled
Delete saved queryQueriesPublic query - Delete button (drawer)Hidden
Delete saved queryQueriesDelete button (bulk selection)Hidden
Delete saved queryQueriesBulk selection (checkboxes)Hidden
Create saved queryQueriesPrivate query - Set Public button (drawer)Hidden
Create saved queryVulnerabilitiesPrivate query checkbox (Save Query dialog)Disabled (and selected)

Software Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit software relationshipsAsset GraphGraphDisabled (edit relationships)
Export to CSVSoftware pages with a CSV Export optionExport CSV buttonDisabled
View softwareAll pagesLeft navigation menu - Devices iconDisabled
View softwareSoftwarePageNot accessible
Create, delete, and linkSoftwareBulk selection (checkboxes)Hidden
Create, delete, and linkSoftwareActions menuDisabled
Create, delete, and linkSoftwareAll actions: link, unlink, delete...Not accessible
Edit tags and custom dataSoftwareBulk selection (checkboxes)Hidden
Edit tags and custom dataSoftwareActions menuDisabled
Edit tags and custom dataSoftwareAll actions: tag and custom dataNot accessible
Edit tags and custom dataSoftware Profile - Tags tabCreate/Edit/Delete tagsDisabled
Edit tags and custom dataSoftware Profile - Custom tabCreate/Edit/Delete custom dataDisabled
Edit softwareSoftware Profile - Custom dataBulk selection (checkboxes)Hidden
Run saved queriesQueriesRun Query button (drawer)Disabled
Run saved queriesSoftwaresearch bar - saved queries in the query searchHidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesSoftwareSave - for saved queriesDisabled
Manage Software approval listSoftwareButtonHidden
Manage Software approval listSoftware approval listPageHidden
Edit saved queriesSoftwareRename saved queryDisabled
Delete saved queryQueriesPublic query - Delete button (drawer)Hidden
Delete saved queryQueriesDelete button (bulk selection)Hidden
Delete saved queryQueriesBulk selection (checkboxes)Hidden
Create saved queryQueriesPrivate query - Set Public button (drawer)Hidden
Create saved querySoftwarePrivate query checkbox (Save Query dialog)Disabled (and selected)

Queries

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Add and edit for all data scopes
Export Queries
Export to CSVData AnalyticsData Analytics page, ReportsDisabled
Import Queries
Manage query foldersQueriesQuery foldersDisabled
Manage query calculation
View query history of all usersQuery HistoryPageNot accessible

Reports

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View reportsAll pagesLeft navigation menu - Reports iconDisabled
View reportsReportsPageNot accessible (unless Use private reports is enabled)
Export to CSVReportsDownload CSV in ReportsDisabled
Add reportReportsAdd report buttonDisabled (unless Use private reports is enabled)
Edit reportsReport ConfigurationAll input fieldsDisabled (unless Use private reports is enabled)
Delete reportReportsBulk selection (checkboxes)Hidden (unless Use private reports is enabled)
Delete reportReportsDelete button (bulk selection)Hidden (unless Use private reports is enabled)
Use private reportsReport ConfigurationPrivate report checkboxDisabled
Deactivate ReportsReport ConfigurationToggle buttonDisabled

Manage Nodes

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Compute NodesAll pagesLeft navigation menu - Instances iconDisabled
View Compute NodesManage NodesPageNot accessible
Edit Compute NodesManage NodesAll input fieldsDisabled
Edit Compute NodesManage NodesBulk selection (checkboxes)Hidden
Edit Compute NodesManage NodesDeactivate / Reactivate buttonsHidden

Adapters

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSV enabledAll pages in the system where CSV Export existsExport CSV buttonDisabled
View adaptersAll pagesLeft navigation menu - Adapters iconDisabled
View adaptersAll pagesPageNot accessible
Add connectionAdapterAdd connectionDisabled
Edit connectionsAdapterEdit connections - open connection modalDisabled
Edit adapter advanced settingsAdapterAdvanced Settings buttonDisabled
Edit adapter advanced settingsAdapters - Action menuOverride Advanced Settings Values optionDisabled
Delete connectionAdapterBulk selection (checkboxes)Hidden
Delete connectionAdapterDelete button (bulk selection)Hidden
Terminate connectionAdapter Fetch HistoryBulk selection (checkboxes)Hidden
Terminate connectionAdapter Fetch History - Action menuTerminate connectionHidden
Export to CSV enabledAll pages in the system where CSV Export existsExport CSV buttonDisabled
Run saved queriesQueriesRun Query button (drawer)Disabled
Create saved queriesQueriesDuplicate button (drawer)Hidden
Edit saved queriesQueriesTag button (bulk selection)Hidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesAdapters Fetch HistorySave - for saved queriesDisabled
Edit saved queriesAdapters Fetch HistoryUpdate query detailsDisabled
Delete saved queriesQueriesPublic query - Delete button (drawer)Hidden
Delete saved queriesQueriesPublic query - Delete button (drawer)Hidden
Fetch connectionAdapter ProfileFetch buttonHidden
Fetch connectionAdapter Profile - Add ConnectionSave and Fetch buttonDisabled

Activity Logs

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSVActivity logsExport CSV buttonDisabled
View activity logsActivity logsPageNot accessible
Run saved queriesQueriesRun Query button (drawer)Disabled
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesActivity logsSave - for saved queriesDisabled
Edit saved queriesActivity logsRename saved queryDisabled
Delete saved queriesQueriesPublic query - Delete button (drawer)Hidden
Delete saved queriesQueriesDelete button (bulk selection)Hidden
Delete saved queriesQueriesBulk selection (checkboxes)Hidden
Create saved queriesActivity logsPrivate query - Set Public button (drawer)Hidden
Create saved queriesActivity logsPrivate query checkbox (Save Query dialog)Disabled (and selected)

Case Management

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Delete Case ManagementCase ManagementDelete Action (hover or bulk selection)Disabled
View Case ManagementCase ManagementPage (Table, Kanban views)Not accessible
Add Case ManagementCase ManagementCreate Case button (drawer)Disabled
Edit Case ManagementCase ManagementClick row (drawer)Disabled

Enforcement Center

Note:

In order to add an Enforcement Action the role needs to have both Edit Enforcements and Add Enforcements permissions.

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Enforcement CenterAll pagesLeft navigation menu - EC iconDisabled
View Enforcement CenterEnforcement CenterPageNot accessible
View Enforcement CenterDevice/User Profile - EC Tasks tabLink to taskRemove link
View Enforcement CenterQueries (Devices)Enforce button (drawer)Hidden
View Enforcement CenterQueries (Users)Enforce button (drawer)Hidden
Edit EnforcementsEnforcement SetAll input fieldsDisabled
Edit EnforcementsEnforcement SetEdit button (drawer)Hidden
Edit EnforcementsEnforcement SetDelete button (drawer)Hidden
Edit EnforcementsEnforcement CenterAdd Enforcement buttonDisabled
Edit EnforcementsQueries (Devices)Enforce button (drawer)Hidden
Edit EnforcementsQueries (Users)Enforce button (drawer)Hidden
Add EnforcementEnforcement CenterAdd Enforcement buttonDisabled
Add EnforcementQueries (Devices)Enforce button (drawer)Hidden
Add EnforcementQueries (Users)Enforce button (drawer)Hidden
Add EnforcementCloud Asset ComplianceEnforce menuDisabled
Add EnforcementDevices - Actions menuCreate New Enforcement optionDisabled
Add EnforcementUsers - Actions menuCreate New Enforcement optionDisabled
View Enforcement TasksEnforcement CenterView Tasks buttonDisabled
View Enforcement TasksEnforcement SetView Tasks buttonDisabled
View Enforcement TasksDevice/User Profile - EC Tasks tabLink to taskRemove link
View Enforcement TasksEnforce dialogLink to taskRemove link
Delete EnforcementEnforcement CenterBulk selection (checkboxes)Hidden
Delete EnforcementEnforcement CenterDelete button - Actions Menu (bulk selection)Hidden
Delete EnforcementEnforcement Set - Combo buttonDelete optionHidden
Run EnforcementDevices - Actions menuRun Existing Enforcement optionDisabled
Run EnforcementUsers - Actions menuRun Existing Enforcement optionDisabled
Run EnforcementRun button - bulk selectionRun Existing Enforcement optionHidden
Terminate Enforcement TasksEnforcement Center - Enforcement Tasks TableBulk Selection (checkboxes)Hidden
Terminate EnforcementEnforcement Center - Actions menuTerminate Enforcement TasksHidden
Duplicate EnforcementEnforcement Center - Actions menuDuplicate optionHidden
Duplicate EnforcementEnforcement Set - Combo buttonDuplicate optionHidden

Field Mapping

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Delete Field MappingField MappingDelete Action (hover or bulk selectionDisabled
View Field MappingField MappingPageNot accessible
Add Field MappingField MappingCreate Field Mapping button and drawerDisabled
Edit Field MappingField MappingClick row and drawerDisabled

Findings

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View AlertsFindings - AlertsPageNot accessible
Modify AlertsFindings - AlertsClick rowDisabled
View RulesFindings - Rules ManagerPageNot accessible
Modify RulesFindings - Rules ManagerClick row and drawerDisabled
Mark as seenFindings - AlertsMark as seen Action (hover or bulk selection)Disabled
Add Finding RuleFindings - Rules ManagerCreate Finding Rule button and drawerDisabled
Delete Finding RuleFindings - Rules ManagerDelete Action (hover or bulk selectionDisabled

Cloud Asset Compliance

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSVCloud Asset ComplianceExport CSV buttonDisabled
View Cloud Asset ComplianceAll pagesLeft navigation menu - Cloud iconDisabled
View Cloud Asset ComplianceCloud Asset CompliancePageNot accessible
Update Benchmark settingsBenchmark ScoreScore menuHidden
Manage Exclusions and CommentsCloud Asset ComplianceAdd exclusion/comment button in Comments section (drawer)Hidden
Manage Exclusions and CommentsCloud Asset ComplianceDelete exclusion/comment button in Comments section (drawer)Hidden
Manage Exclusions and CommentsCloud Asset ComplianceEdit exclusion/comment button in Comments section (drawer)Hidden

Ingestion Rules

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Ingestion RulesAdapter Advanced SettingsAdapter Advanced SettingsHidden
Update Ingestion RulesAdapter Advanced SettingsAdapter Advanced SettingsHidden

Asset Graph

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Add and edit for all data scopesAsset GraphAsset GraphDisabled
Delete graphAsset GraphAsset GraphDisabled
View graphAsset GraphAsset GraphDisabled
Manage graph foldersAsset Graph ManagerAsset GraphDisabled
Create graphAsset GraphAsset GraphDisabled
Edit graphAsset GraphAsset GraphDisabled
Load saved graphAsset Graph ManagerAsset GraphDisabled

Identities

There are two groups of permissions on the Permission List related to Rules:

  • Rules History assets - Permissions that relate to all assets and modules.

  • Identities: Rules- Permissions related to working with rules specifically:

    • Activation
    • Create and edit
    • Delete

The following table indicates which permissions are required for specific operations.

OperationRequired Permissions
View rulesView
Create a rule draftCreate and edit
Edit a rule draftCreate and edit
Create and edit a rule versionCreate and edit AND Activation
Rollback to a rule versionCreate and edit AND Activation
Replace a rule versionCreate and edit AND Activation
Duplicate ruleCreate and edit
Activate ruleActivation
Deactivate ruleActivation
Restore rule’s automatic revocationActivation
Delete ruleDelete

Updated 2 days ago