Login
    Contents x
    Permissions List
    • 19 Oct 2023
    • 8 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Contents

    Permissions List

    • Updated on 19 Oct 2023
    • 8 Minutes to read
    • Print
    • Dark
      Light
    • PDF
    Article Summary

    Permissions are the building blocks for Axonius Role Based Access Control (RBAC). Each role consists of a collection of permissions for various elements in the system. Each user is assigned to a specific role.
    Each role consists of the following categories and each category consists of different set of permissions.
    The table below describes the behavior for each category and permission.
    Absence of permissions for specific items may mean that elements in the system are not displayed, or disabled, depending on the definitions of that permission.

    Global Actions

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Global ActionsExport to CSV enabledAll pages in the system where CSV Export existsExport CSV buttonDisabled
    Global ActionsExport to CSV enabledCharts, ReportsExport options in charts, Download CSV in ReportsHidden
    Global ActionsSave data analyticsData AnalyticsData Analytics page, ReportsHidden


    API Access

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    API AccessAPI Access enabledN/AN/AThe user cannot login via the API
    API AccessAPI Access enabledUser settings tabAPI Key tabHidden
    AP AccessReset API KeyAccount SettingsReset Key buttonHidden


    Asset Investigation

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Asset InvestigationView Asset InvestigationDevices/Users Button Hidden
    Asset Investigation
    		Delete saved queryQueries Public query - Delete button (drawer) Hidden
    Asset Investigation
    		Create saved queryAsset Investigation Save Query dialog Disabled
    Asset Investigation
    		Edit saved queriesQueriesEdit button (drawer)
    		Hidden
    Asset Investigation
    		Run saved queriesAsset Investigation/Queries
    		Run Query button (drawer)
    		Disabled

    System and User Management

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    System and User ManagementView system settingsAll pagesSystem Settings buttonDisabled
    System and User ManagementView system settingsSystem SettingsPageNot accessible
    System and User ManagementView system settingsSystem SettingsLifecycle SettingsNot accessible
    System and User ManagementView system settingsSystem SettingsGlobal SettingsNot accessible
    System and User ManagementView system settingsSystem SettingsGUI SettingsNot accessible
    System and User ManagementView system settingsSystem SettingsIdentity Providers SettingsNot accessible
    System and User ManagementView system settingsSystem SettingsTunnel SettingsNot accessible
    System and User ManagementView user accounts and rolesSystem SettingsIdentity Providers SettingsNot accessible
    System and User ManagementView user accounts and rolesSystem SettingsManage Users tabHidden
    System and User ManagementView user accounts and rolesSystem SettingsManage Roles tabHidden
    System and User ManagementView user accounts and rolesAxonius DashboardEdit dashboard radio button selectionDisabled
    System and User ManagementAdd userSystem Settings - Manage Users tabAdd User buttonDisabled
    System and User ManagementAdd userSystem Settings - Manage Users tabDrawerDisabled
    System and User ManagementEdit usersSystem Settings - Manage Users tabDrawerDisabled
    System and User ManagementEdit usersSystem Settings - Manage Users tabAssign role option (Actions menu)Hidden
    System and User ManagementDelete userSystem Settings - Manage Users tabDelete user option (Actions menu)Hidden
    System and User ManagementDelete userSystem Settings - Manage Users tabDelete user button (from drawer)Hidden
    System and User ManagementAdd roleSystem Settings - Manage Roles tabAdd role buttonDisabled
    System and User ManagementAdd roleSystem Settings - Manage Roles tabDuplicate role button (from drawer)Hidden
    System and User ManagementEdit rolesSystem Settings - Manage Roles tabDrawerDisabled
    System and User ManagementEdit rolesSystem SettingsIdentity Providers SettingsDisabled
    System and User ManagementUpdate system settingsSystem Settings - all tabsSave buttonsDisabled
    System and User ManagementUpdate system settingsSystem Settings - all tabsAll fieldsDisabled
    System and User ManagementUpdate system settingsDevicesEdit System ViewHidden
    System and User ManagementUpdate system settingsUsersEdit System ViewHidden
    System and User ManagementRun manual discovery cycleAll pagesRun Discovery buttonDisabled
    System and User ManagementView NotificationsAll PagesNotification iconDisabled
    System and User ManagementManage Service AccountsSystem SettingsManage Service AccountsDisabled
    System and User ManagementManage admin usersSystem Settings - Manage Users tabUser tableAdmin role hidden
    System and User ManagementManage admin usersSystem Settings - Manage Users tabRole Assignment Drop-downAdmin role hidden
    System and User ManagementManage admin usersSystem Settings - Manage Roles tabRoles tableAdmin role hidden
    System and User ManagementManage admin usersSystem Settings - Identity Providers Settings tabDefault Role for new SAML/LADPAdmin role hidden
    System and User ManagementManage admin usersSystem Settings - Identity Providers Settings tabRole Assignment Rules SAML/LADPAdmin role hidden
    System and User Management
    		Manage tunnelsSystem Settings - Manage Tunnels tabManage TunnelsTunnels Tab hidden


    Dashboard

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    DashboardView dashboardAll pagesLeft navigation menu - Dashboard iconDisabled
    DashboardView dashboardAxonius DashboardPageNot accessible
    DashboardView dashboardReport ConfigurationDashboard selectionOption is not available
    DashboardDelete chartAxonius DashboardChart menu - DeleteHidden
    DashboardAdd chartAxonius DashboardAdd chart (+ card)Hidden
    DashboardAdd chartAxonius DashboardChart menu - Move and CopyLimited to Move
    DashboardEdit chartsAxonius DashboardChart menu - EditHidden
    DashboardEdit chartsAxonius DashboardChart menu - Move and CopyLimited to Copy
    DashboardAdd and editdashboardsAxonius DashboardAdddashboard (+)Hidden
    DashboardAdd and editdashboardsAxonius DashboardDashboard menu - EditHidden
    DashboardDeletedashboardsAxonius Dashboard Dashboard menu - DeleteHidden
    DashboardRefreshdashboardsAxonius Dashboard Dashboard menu - DeleteHidden
    DashboardAdd and edit private
    dashboards    		Axonius DashboardAdddashboard (+)Hidden
    DashboardAdd and edit for
    all data scopes    		Axonius DashboardAdddashboard (+)
    		Hidden


    Device Assets

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Device AssetsView devicesAll pagesLeft navigation menu - Devices iconDisabled
    Device AssetsView devicesDevicesPageNot accessible
    Device AssetsView devicesAxonius DashboardSearch barSearch will not apply on device assets
    Device AssetsView devicesAxonius DashboardChartsSelecting devices is not available
    Device AssetsView devicesAxonius DashboardChart configurationSelecting devices saved queries is not available
    Device AssetsView devicesCloud Asset ComplianceShow affected devices buttonDisabled (only for devices)
    Device AssetsEdit devicesDevicesBulk selection (checkboxes)Hidden
    Device AssetsEdit devicesDevicesActions menuDisabled
    Device AssetsEdit devicesDevicesAll actions: link, unlink, delete, tag, custom data...Not accessible
    Device AssetsEdit devicesDevice Profile - Tags tabCreate/Edit/Delete tagsDisabled
    Device AssetsEdit devicesDevice Profile - Custom dataCreate/Edit/Delete custom dataDisabled
    Device AssetsManage notesDevice Profile - Notes tabCreate/Edit/Delete notesDisabled
    Device AssetsRun saved queriesQueries Run Query button (drawer)Disabled
    Device AssetsRun saved queriesDevicessearch bar - saved queries in the query searchHidden
    Device AssetsEdit saved queries Queries Edit button (drawer)Hidden
    Device AssetsEdit saved queriesDevicesSave - for saved queriesDisabled
    Device AssetsEdit saved queriesDevicesRename saved queryDisabled
    Device AssetsDelete saved queryQueries Public query - Delete button (drawer)Hidden
    Device AssetsDelete saved queryQueries Delete button (bulk selection)Hidden
    Device AssetsDelete saved queryQueries Bulk selection (checkboxes)Hidden
    Device AssetsCreate saved queryQueries Private query - Set Public button (drawer)Hidden
    Device AssetsCreate saved queryDevicesPrivate query checkbox (Save Query dialog)Disabled (and selected)


    User Assets

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    User AssetsView usersAll pagesLeft navigation menu - Users iconDisabled
    User AssetsView usersUsersPageNot accessible
    User AssetsView usersAxonius DashboardSearch barSearch will not apply on user assets
    User AssetsView usersAxonius DashboardChartsSelecting users is not available
    User AssetsView usersAxonius DashboardChart configurationSelecting users saved queries is not available
    User AssetsView usersCloud Asset ComplianceShow affected users buttonDisabled (only for users)
    User AssetsEdit usersUsersBulk selection (checkboxes)Hidden
    User AssetsEdit usersUsersActions menuDisabled
    User AssetsEdit usersUsersAll actions: link, unlink, delete, tag, custom data...Not accessible
    User AssetsEdit usersUser Profile - Tags tabCreate/Edit/Delete tagsDisabled
    User AssetsEdit usersUser Profile - Custom dataCreate/Edit/Delete custom dataDisabled
    User AssetsManage notesUser Profile - Notes tabCreate/Edit/Delete notesDisabled
    User AssetsRun saved queriesSaved QueriesRun Query button (drawer)Disabled
    User AssetsRun saved queriesUserssearch bar - saved queries in the query searchHidden
    User AssetsEdit saved queriesQueriesEdit button (drawer)Hidden
    User AssetsEdit saved queriesUsersSave - for saved queriesDisabled
    User AssetsEdit saved queriesUsersRename saved queryDisabled
    User AssetsDelete saved queryQueriesDelete button (drawer)Hidden
    User AssetsDelete saved queryQueriesDelete button (bulk selection)Hidden
    User AssetsDelete saved queryQueriesBulk selection (checkboxes)Hidden
    User AssetsCreate saved queryQueriesPrivate query - Set Public button (drawer)Hidden
    User AssetsCreate saved queryUsersPrivate query checkbox (Save Query dialog)Disabled (and selected)


    Vulnerability Assets

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Vulnerability AssetsView vulnerabilities All pagesLeft navigation menu - Devices iconDisabled
    Vulnerability AssetsView vulnerabilities VulnerabilitiesPageNot accessible
    Vulnerability AssetsEdit vulnerabilities VulnerabilitiesBulk selection (checkboxes)Hidden
    Vulnerability AssetsRun saved queriesQueries Run Query button (drawer)Disabled
    Vulnerability AssetsRun saved queriesVulnerabilitiessearch bar - saved queries in the query searchHidden
    Vulnerability AssetsEdit saved queries Queries Edit button (drawer)Hidden
    Vulnerability AssetsEdit saved queriesVulnerabilitiesSave - for saved queriesDisabled
    Vulnerability AssetsEdit saved queriesVulnerabilitiesRename saved queryDisabled
    Vulnerability AssetsDelete saved queryQueries Public query - Delete button (drawer)Hidden
    Vulnerability AssetsDelete saved queryQueries Delete button (bulk selection)Hidden
    Vulnerability AssetsDelete saved queryQueries Bulk selection (checkboxes)Hidden
    Vulnerability AssetsCreate saved queryQueries Private query - Set Public button (drawer)Hidden
    Vulnerability AssetsCreate saved queryDevicesPrivate query checkbox (Save Query dialog)Disabled (and selected)


    Queries

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    QueriesManage query foldersQueriesQuery foldersDisabled
    QueriesView query history of all usersQuery HistoryPageNot accessible

    Reports

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    ReportsView reportsAll pagesLeft navigation menu - Reports iconDisabled
    ReportsView reportsReportsPageNot accessible (unless Use private reports is enabled)
    ReportsAdd reportReportsAdd report buttonDisabled (unless Use private reports is enabled)
    ReportsEdit reportsReport ConfigurationAll input fieldsDisabled (unless Use private reports is enabled)
    ReportsDelete reportReportsBulk selection (checkboxes)Hidden (unless Use private reports is enabled)
    ReportsDelete reportReportsDelete button (bulk selection)Hidden (unless Use private reports is enabled)
    ReportsUse private reportsReport ConfigurationPrivate report checkboxDisabled
    ReportsDeactivate ReportsReport ConfigurationToggle buttonDisabled


    Instances

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    InstancesView instancesAll pagesLeft navigation menu - Instances iconDisabled
    InstancesView instancesInstancesPageNot accessible
    InstancesEdit instanceInstancesAll input fieldsDisabled
    InstancesEdit instanceInstancesBulk selection (checkboxes)Hidden
    InstancesEdit instanceInstancesDeactivate / Reactivate buttonsHidden


    Adapters

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    AdaptersView adaptersAll pagesLeft navigation menu - Adapters iconDisabled
    AdaptersView adaptersAll pagesPageNot accessible
    AdaptersAdd connectionAdapterAdd connectionDisabled
    AdaptersEdit connectionsAdapterEdit connections - open connection modalDisabled
    AdaptersEdit adapter advanced settingsAdapterAdvanced Settings buttonDisabled
    AdaptersEdit adapter advanced settingsAdapters - Action menuOverride Advanced Settings Values optionDisabled
    AdaptersDelete connectionAdapterBulk selection (checkboxes)Hidden
    AdaptersDelete connectionAdapterDelete button (bulk selection)Hidden
    AdaptersTerminate connectionAdapter Fetch HistoryBulk selection (checkboxes)Hidden
    AdaptersTerminate connectionAdapter Fetch History - Action menuTerminate connectionHidden
    AdaptersRun saved queries
    		Queries
    		Run Query button (drawer)
    		Disabled
    Adapters
    		Create saved query
    		Queries
    		Duplicate button (drawer)Hidden
    Adapters
    		Edit saved queries
    		QueriesTag button (bulk selection)
    		Hidden
    Adapters
    		Edit saved queriesQueries
    		Edit button (drawer)
    		Hidden
    Adapters
    		Edit saved queries
    		Adapters Fetch History
    		Save - for saved queries
    		Disabled
    Adapters
    		Edit saved queries
    		Adapters Fetch History
    		Update query details
    		Disabled
    Adapters
    		Delete saved query
    		Queries
    		Public query - Delete button (drawer)
    		Hidden
    Adapters
    		Delete saved query
    		Queries
    		Public query - Delete button (drawer)
    		Hidden


    Activity Logs

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Activity logsView activity logsAll pagesLeft navigation menu - Activity logs iconDisabled
    Activity logsView activity logsActivity logsPageNot accessible
    Activity logsRun saved queriesQueriesRun Query button (drawer)Disabled
    Activity logsEdit saved queriesQueries Edit button (drawer)Hidden
    Activity logsEdit saved queriesActivity logsSave - for saved queriesDisabled
    Activity logsEdit saved queriesActivity logsRename saved queryDisabled
    Activity logsDelete saved queryQueries Public query - Delete button (drawer)Hidden
    Activity logsDelete saved queryQueries Delete button (bulk selection)Hidden
    Activity logsDelete saved queryQueries Bulk selection (checkboxes)Hidden
    Activity logsCreate saved queryActivity logsPrivate query - Set Public button (drawer)Hidden
    Activity logsCreate saved queryActivity logsPrivate query checkbox (Save Query dialog)Disabled (and selected)

    Enforcement Center

    Note:

    In order to add an Enforcement Action the role needs to have both Edit Enforcements and Add Enforcements permissions.  

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Enforcement CenterView Enforcement CenterAll pagesLeft navigation menu - EC iconDisabled
    Enforcement CenterView Enforcement CenterEnforcement CenterPageNot accessible
    Enforcement CenterView Enforcement CenterDevice/User Profile - EC Tasks tabLink to taskRemove link
    Enforcement CenterView Enforcement Center  Queries (Devices)Enforce button (drawer)Hidden
    Enforcement CenterView Enforcement Center Queries (Users)Enforce button (drawer)Hidden
    Enforcement CenterEdit EnforcementsEnforcement SetAll input fieldsDisabled
    Enforcement CenterEdit EnforcementsEnforcement SetEdit button (drawer)Hidden
    Enforcement CenterEdit EnforcementsEnforcement SetDelete button (drawer)Hidden
    Enforcement CenterEdit EnforcementsEnforcement CenterAdd Enforcement buttonDisabled
    Enforcement CenterEdit Enforcements  Queries (Devices)Enforce button (drawer)Hidden
    Enforcement CenterEdit Enforcements Queries (Users)Enforce button (drawer)Hidden
    Enforcement CenterAdd EnforcementEnforcement CenterAdd Enforcement buttonDisabled
    Enforcement CenterAdd Enforcement Queries (Devices)Enforce button (drawer)Hidden
    Enforcement CenterAdd Enforcement Queries (Users)Enforce button (drawer)Hidden
    Enforcement CenterAdd EnforcementCloud Asset ComplianceEnforce menuDisabled
    Enforcement CenterAdd EnforcementDevices - Actions menuCreate New Enforcement optionDisabled
    Enforcement CenterAdd EnforcementUsers - Actions menuCreate New Enforcement optionDisabled
    Enforcement CenterView Enforcement TasksEnforcement CenterView Tasks buttonDisabled
    Enforcement CenterView Enforcement TasksEnforcement SetView Tasks buttonDisabled
    Enforcement CenterView Enforcement TasksDevice/User Profile - EC Tasks tabLink to taskRemove link
    Enforcement CenterView Enforcement TasksEnforce dialogLink to taskRemove link
    Enforcement CenterDelete EnforcementEnforcement CenterBulk selection (checkboxes)Hidden
    Enforcement CenterDelete EnforcementEnforcement CenterDelete button - Actions Menu (bulk selection)Hidden
    Enforcement CenterDelete EnforcementEnforcement Set - Combo buttonDelete optionHidden
    Enforcement CenterRun EnforcementDevices - Actions menuRun Existing Enforcement optionDisabled
    Enforcement CenterRun EnforcementUsers - Actions menuRun Existing Enforcement optionDisabled
    Enforcement CenterRun EnforcementRun button - bulk selectionRun Existing Enforcement optionHidden
    Enforcement CenterTerminate Enforcement TasksEnforcement Center - Enforcement Tasks TableBulk Selection (checkboxes)Hidden
    Enforcement CenterTerminate EnforcementEnforcement Center - Actions menuTerminate Enforcement TasksHidden
    Enforcement CenterDuplicate EnforcementEnforcement Center - Actions menuDuplicate optionHidden
    Enforcement CenterDuplicate EnforcementEnforcement Set - Combo buttonDuplicate optionHidden


    Cloud Asset Compliance

    Category
    		PermissionUI PageUI ComponentBehavior (when permission is disabled)
    Cloud Asset ComplianceView Cloud Asset ComplianceAll pagesLeft navigation menu - Cloud iconDisabled
    Cloud Asset ComplianceView Cloud Asset ComplianceCloud Asset CompliancePageNot accessible
    Cloud Asset ComplianceUpdate Benchmark settingsBenchmark ScoreScore menuHidden
    Cloud Asset ComplianceManage Exclusions and CommentsCloud Asset ComplianceAdd exclusion/comment button in Comments section (drawer)Hidden
    Cloud Asset ComplianceManage Exclusions and CommentsCloud Asset ComplianceDelete exclusion/comment button in Comments section (drawer)Hidden
    Cloud Asset ComplianceManage Exclusions and CommentsCloud Asset ComplianceEdit exclusion/comment button in Comments section (drawer)Hidden


    Ingestion Rules

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    Ingestion RulesView Ingestion RulesAdapter Advanced SettingsAdapter Advanced Settings
    		Hidden
    Ingestion Rules
    		Update Ingestion RulesAdapter Advanced Settings
    		Adapter Advanced Settings
    		Hidden

    SaaS Management

    CategoryPermissionUI PageUI ComponentBehavior (when permission is disabled)
    SaaS ManagementAdmin level actions
    		SaaS Management ModulesSaaS Management Modules and all Admin SettingsDisabled
    SaaS Management
    		View entities and data
    		SaaS Management Modules
    		SaaS Management Modules
    		Hidden




    Was this article helpful?
    What's Next
    Change password!
    Changing your password will log you out immediately. Use the new password to log back in.
    Change profile
    Success!
    First name must have atleast 2 characters. Numbers and special characters are not allowed.
    Last name must have atleast 1 characters. Numbers and special characters are not allowed.
    Enter a valid email
    Enter a valid password
    Your profile has been successfully updated.
    Logout