Permissions List
  • 24 Nov 2024
  • 10 Minutes to read
  • Dark
    Light
  • PDF

Permissions List

  • Dark
    Light
  • PDF

Article summary

Permissions are the building blocks for Axonius Role Based Access Control (RBAC). Each role consists of a collection of permissions for various elements in the system. Each user is assigned to a specific role.
Each role consists of the following categories and each category consists of different set of permissions.
The table below describes the behavior for each category and permission.
Absence of permissions for specific items may mean that elements in the system are not displayed, or disabled, depending on the definitions of that permission.

Global Actions

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Save data analyticsData AnalyticsData Analytics page, ReportsHidden
Enable Support Center linkAll pages in the systemTop pane - Help and Support icon (?)Hidden


API Access

PermissionUI PageUI ComponentBehavior (when permission is disabled)
API Access enabledN/AN/AThe user cannot log in via the API
API Access enabledUser settings tabAPI Key tabHidden
Reset API KeyAccount SettingsReset Key buttonHidden


Asset Investigation

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit tracked fieldsAsset Investigation FieldsButtonDisabled
View asset investigationDevices/UsersButtonHidden
Delete saved queriesQueriesPublic query - Delete button (drawer)Hidden
Create saved queriesAsset InvestigationSave Query dialogDisabled
Edit saved queriesQueriesEdit button (drawer)
Hidden
Run saved queriesAsset Investigation/Queries
Run Query button (drawer)
Disabled

System and User Management

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSV
System Settings
Export CSV button
Disabled
View system settingsAll pagesSystem Settings buttonDisabled
View system settingsSystem SettingsPageNot accessible
View system settingsSystem SettingsLifecycle SettingsNot accessible
View system settingsSystem SettingsGlobal SettingsNot accessible
View system settingsSystem SettingsGUI SettingsNot accessible
View system settingsSystem SettingsIdentity Providers SettingsNot accessible
View system settingsSystem SettingsTunnel SettingsNot accessible
View user accounts and rolesSystem SettingsIdentity Providers SettingsNot accessible
View user accounts and rolesSystem SettingsManage Users tabHidden
View user accounts and rolesSystem SettingsManage Roles tabHidden
View user accounts and rolesAxonius DashboardEdit dashboard radio button selectionDisabled
Add userSystem Settings - Manage Users tabAdd User buttonDisabled
Add userSystem Settings - Manage Users tabDrawerDisabled
Edit usersSystem Settings - Manage Users tabDrawerDisabled
Edit usersSystem Settings - Manage Users tabAssign role option (Actions menu)Hidden
Delete userSystem Settings - Manage Users tabDelete user option (Actions menu)Hidden
Delete userSystem Settings - Manage Users tabDelete user button (from drawer)Hidden
Add roleSystem Settings - Manage Roles tabAdd role buttonDisabled
Add roleSystem Settings - Manage Roles tabDuplicate role button (from drawer)Hidden
Edit rolesSystem Settings - Manage Roles tabDrawerDisabled
Edit rolesSystem SettingsIdentity Providers SettingsDisabled
Update system settingsSystem Settings - all tabsSave buttonsDisabled
Update system settingsSystem Settings - all tabsAll fieldsDisabled
Update system settingsDevicesEdit System ViewHidden
Update system settingsUsersEdit System ViewHidden
Run manual discovery cycleAll pagesRun Discovery buttonDisabled
View NotificationsAll PagesNotification iconDisabled
Manage Service AccountsSystem SettingsManage Service AccountsDisabled
Manage admin usersSystem Settings - Manage Users tabUser tableAdmin role hidden
Manage admin usersSystem Settings - Manage Users tabRole Assignment Drop-downAdmin role hidden
Manage admin usersSystem Settings - Manage Roles tabRoles tableAdmin role hidden
Manage admin usersSystem Settings - Identity Providers Settings tabDefault Role for new SAML/LADPAdmin role hidden
Manage admin usersSystem Settings - Identity Providers Settings tabRole Assignment Rules SAML/LADPAdmin role hidden
Manage gatewaysSystem Settings - Gateways GatewaysGateways  hidden


Dashboard

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View dashboardAll pagesLeft navigation menu - Dashboard iconDisabled
View dashboardAxonius DashboardPageNot accessible
View dashboardReport ConfigurationDashboard selectionOption is not available
Delete chartAxonius DashboardChart menu - DeleteHidden
Add chartAxonius DashboardAdd chart (+ card)Hidden
Add chartAxonius DashboardChart menu - Move and CopyLimited to Move
Edit chartsAxonius DashboardChart menu - EditHidden
Edit chartsAxonius DashboardChart menu - Move and CopyLimited to Copy
Export to CSV
Axonius Dashboard
Export options in charts
Disabled
Add and editdashboardsAxonius DashboardAdddashboard (+)Hidden
Add and editdashboardsAxonius DashboardDashboard menu - EditHidden
DeletedashboardAxonius Dashboard Dashboard menu - DeleteHidden
Export DashboardAxonius Dashboard Dashboard menu - ExportHidden
Import Dashboard
Axonius Dashboard
Dashboard menu - Import
Hidden
Set Data Scope DefaultsDashboard Manager
Dashboard menu - Date Scope DefaultHidden
Manage dashboard foldersAxonius Dashboard
Dashboard listHidden
RefreshdashboardAxonius DashboardDashboard menu - RefreshHidden
Add and edit private
dashboards
Axonius DashboardAdddashboard (+)Hidden
Add and edit for
all data scopes
Axonius DashboardAdddashboard (+)
Hidden


Device Assets

Note:
Permissions are configured separately for each asset type in Axonius. The permissions available for each asset are similar to those detailed below for Device and User assets. Refer to the list of Asset Types for the full list of assets which each need these permissions configured.
PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit device relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
All Device pages with a CSV Export option
Export CSV button
Disabled
View devicesAll pagesLeft navigation menu - Devices iconDisabled
View devicesDevicesPageNot accessible
View devicesAxonius DashboardSearch barSearch will not apply on device assets
View devicesAxonius DashboardChartsSelecting devices is not available
View devicesAxonius DashboardChart configurationSelecting devices saved queries is not available
View devicesCloud Asset ComplianceShow affected devices buttonDisabled (only for devices)
Create, delete, and linkDevices
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Devices
Actions menu
Disabled
Create, delete, and link
Devices
All actions: link, unlink, delete...
Not accessible
Edit tags and custom dataDevicesBulk selection (checkboxes)Hidden
Edit tags and custom data
DevicesActions menuDisabled
Edit tags and custom data
DevicesAll actions: tag and custom dataNot accessible
Edit tags and custom data
Device Profile - Tags tabCreate/Edit/Delete tagsDisabled
Edit tags and custom data
Device Profile - Custom dataCreate/Edit/Delete custom dataDisabled
Manage notesDevice Profile - Notes tabCreate/Edit/Delete notesDisabled
Run saved queriesQueries Run Query button (drawer)Disabled
Run saved queriesDevicessearch bar - saved queries in the query searchHidden
Edit saved queries Queries Edit button (drawer)Hidden
Edit saved queriesDevicesSave - for saved queriesDisabled
Edit saved queriesDevicesRename saved queryDisabled
Delete saved queryQueries Public query - Delete button (drawer)Hidden
Delete saved queryQueries Delete button (bulk selection)Hidden
Delete saved queryQueries Bulk selection (checkboxes)Hidden
Create saved queryQueries Private query - Set Public button (drawer)Hidden
Create saved queryDevicesPrivate query checkbox (Save Query dialog)Disabled (and selected)


User Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit users relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
Device pages with a CSV Export option
Export CSV button
Disabled
View usersAll pagesLeft navigation menu - Users iconDisabled
View usersUsersPageNot accessible
View usersAxonius DashboardSearch barSearch will not apply on user assets
View usersAxonius DashboardChartsSelecting users is not available
View usersAxonius DashboardChart configurationSelecting users saved queries is not available
View usersCloud Asset ComplianceShow affected users buttonDisabled (only for users)
Create, delete, and link
Users
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Users
Actions menu
Disabled
Create, delete, and linkUsers
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Users
Bulk selection (checkboxes)
Hidden
Edit tags and custom dataUsers
Actions menu
Disabled
Edit tags and custom data
Users
All actions: tag and custom data
Disabled
Edit tags and custom data
Users Profile - Tags
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Users Profile - Custom data
Create/Edit/Delete custom data
Disabled
Manage notesUser Profile - Notes tabCreate/Edit/Delete notesDisabled
Run saved queriesSaved QueriesRun Query button (drawer)Disabled
Run saved queriesUserssearch bar - saved queries in the query searchHidden
Edit saved queriesQueriesEdit button (drawer)Hidden
Edit saved queriesUsersSave - for saved queriesDisabled
Edit saved queriesUsersRename saved queryDisabled
Delete saved queryQueriesDelete button (drawer)Hidden
Delete saved queryQueriesDelete button (bulk selection)Hidden
Delete saved queryQueriesBulk selection (checkboxes)Hidden
Create saved queryQueriesPrivate query - Set Public button (drawer)Hidden
Create saved queryUsersPrivate query checkbox (Save Query dialog)Disabled (and selected)


Vulnerability Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit software relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
Vulnerability pages with a CSV Export option
Export CSV button
Disabled
View vulnerabilities All pagesLeft navigation menu - Vulnerabilities iconDisabled
View vulnerabilities VulnerabilitiesPageNot accessible
Create, delete, and link
Vulnerabilities
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Vulnerabilities
Actions menu
Disabled
Create, delete, and link
Vulnerabilities
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Vulnerabilities
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Vulnerabilities
Actions menu
Disabled
Edit tags and custom data
VulnerabilitiesAll actions: tag and custom data
Disabled
Edit tags and custom data
Vulnerabilities Profile - Tags tab Profile - Custom data 
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Vulnerabilities
Create/Edit/Delete custom data
Disabled
Run saved queriesQueries Run Query button (drawer)Disabled
Run saved queriesVulnerabilitiessearch bar - saved queries in the query searchHidden
Edit saved queries Queries Edit button (drawer)Hidden
Edit saved queriesVulnerabilitiesSave - for saved queriesDisabled
Edit saved queriesVulnerabilitiesRename saved queryDisabled
Delete saved queryQueries Public query - Delete button (drawer)Hidden
Delete saved queryQueries Delete button (bulk selection)Hidden
Delete saved queryQueries Bulk selection (checkboxes)Hidden
Create saved queryQueries Private query - Set Public button (drawer)Hidden
Create saved queryVulnerabilities
Private query checkbox (Save Query dialog)Disabled (and selected)

Software  Assets

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Edit software relationshipsAsset GraphGraphDisabled (edit relationships)
Export to CSV
Software pages with a CSV Export option
Export CSV button
Disabled
View softwareAll pagesLeft navigation menu - Devices iconDisabled
View softwareSoftwarePageNot accessible
Create, delete, and link
Software
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Software
Actions menu
Disabled
Create, delete, and link
Software
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Software
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Software
Actions menu
Disabled
Edit tags and custom data
Software
All actions: tag and custom data
Not accessible
Edit tags and custom data
Software Profile - Tags tab
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Software Profile - Custom tab
Create/Edit/Delete custom data
Disabled
Edit softwareSoftware Profile - Custom dataBulk selection (checkboxes)Hidden
Run saved queriesQueries Run Query button (drawer)Disabled
Run saved queriesSoftwaresearch bar - saved queries in the query searchHidden
Edit saved queriesQueries Edit button (drawer)Hidden
Edit saved queriesSoftware
Save - for saved queriesDisabled
Manage Software approval listSoftwareButtonHidden
Manage Software approval list
Software approval list
PageHidden
Edit saved queriesSoftware
Rename saved queryDisabled
Delete saved queryQueries Public query - Delete button (drawer)Hidden
Delete saved queryQueries Delete button (bulk selection)Hidden
Delete saved queryQueries Bulk selection (checkboxes)Hidden
Create saved queryQueries Private query - Set Public button (drawer)Hidden
Create saved querySoftware
Private query checkbox (Save Query dialog)Disabled (and selected)

Queries

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Add and edit for all data scopes


Export Queries


Export to CSV
Data Analytics
Data Analytics page, Reports
Disabled
Import Queries


Manage query foldersQueriesQuery foldersDisabled
Manage query calculation


View query history of all usersQuery HistoryPageNot accessible

Reports

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View reportsAll pagesLeft navigation menu - Reports iconDisabled
View reportsReportsPageNot accessible (unless Use private reports is enabled)
Export to CSV
Reports
Download CSV in Reports
Disabled
Add reportReportsAdd report buttonDisabled (unless Use private reports is enabled)
Edit reportsReport ConfigurationAll input fieldsDisabled (unless Use private reports is enabled)
Delete reportReportsBulk selection (checkboxes)Hidden (unless Use private reports is enabled)
Delete reportReportsDelete button (bulk selection)Hidden (unless Use private reports is enabled)
Use private reportsReport ConfigurationPrivate report checkboxDisabled
Deactivate ReportsReport ConfigurationToggle buttonDisabled


Manage Nodes

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Compute NodesAll pagesLeft navigation menu - Instances iconDisabled
View Compute Nodes Manage NodesPageNot accessible
Edit Compute Nodes Manage Nodes
All input fieldsDisabled
Edit Compute Nodes Manage Nodes
Bulk selection (checkboxes)Hidden
Edit Compute Nodes Manage Nodes
Deactivate / Reactivate buttonsHidden


Adapters

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSV enabled
All pages in the system where CSV Export exists

Export CSV button
Disabled
View adaptersAll pagesLeft navigation menu - Adapters iconDisabled
View adaptersAll pagesPageNot accessible
Add connectionAdapterAdd connectionDisabled
Edit connectionsAdapterEdit connections - open connection modalDisabled
Edit adapter advanced settingsAdapterAdvanced Settings buttonDisabled
Edit adapter advanced settingsAdapters - Action menuOverride Advanced Settings Values optionDisabled
Delete connectionAdapterBulk selection (checkboxes)Hidden
Delete connectionAdapterDelete button (bulk selection)Hidden
Terminate connectionAdapter Fetch HistoryBulk selection (checkboxes)Hidden
Terminate connectionAdapter Fetch History - Action menuTerminate connectionHidden
Export to CSV enabled
All pages in the system where CSV Export exists
Export CSV button
Disabled
Run saved queries
Queries
Run Query button (drawer)
Disabled
Create saved queries
Queries
Duplicate button (drawer)Hidden
Edit saved queries
QueriesTag button (bulk selection)
Hidden
Edit saved queriesQueries
Edit button (drawer)
Hidden
Edit saved queries
Adapters Fetch History
Save - for saved queries
Disabled
Edit saved queries
Adapters Fetch History
Update query details
Disabled
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden


Activity Logs

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSV
Activity logsExport CSV button
Disabled
View activity logsActivity logsPageNot accessible
Run saved queriesQueriesRun Query button (drawer)Disabled
Edit saved queriesQueries Edit button (drawer)Hidden
Edit saved queriesActivity logsSave - for saved queriesDisabled
Edit saved queriesActivity logsRename saved queryDisabled
Delete saved queriesQueries Public query - Delete button (drawer)Hidden
Delete saved queriesQueries Delete button (bulk selection)Hidden
Delete saved queriesQueries Bulk selection (checkboxes)Hidden
Create saved queriesActivity logsPrivate query - Set Public button (drawer)Hidden
Create saved queriesActivity logsPrivate query checkbox (Save Query dialog)Disabled (and selected)

Case Management

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Delete Case ManagementCase ManagementDelete Action (hover or bulk selection)Disabled
View Case ManagementCase ManagementPage (Table, Kanban views)Not accessible
Add Case ManagementCase ManagementCreate Case button (drawer)Disabled
Edit Case ManagementCase ManagementClick row (drawer)Disabled

Enforcement Center

Note:

In order to add an Enforcement Action the role needs to have both Edit Enforcements and Add Enforcements permissions.  

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Enforcement CenterAll pagesLeft navigation menu - EC iconDisabled
View Enforcement CenterEnforcement CenterPageNot accessible
View Enforcement CenterDevice/User Profile - EC Tasks tabLink to taskRemove link
View Enforcement Center  Queries (Devices)Enforce button (drawer)Hidden
View Enforcement Center Queries (Users)Enforce button (drawer)Hidden
Edit EnforcementsEnforcement SetAll input fieldsDisabled
Edit EnforcementsEnforcement SetEdit button (drawer)Hidden
Edit EnforcementsEnforcement SetDelete button (drawer)Hidden
Edit EnforcementsEnforcement CenterAdd Enforcement buttonDisabled
Edit Enforcements  Queries (Devices)Enforce button (drawer)Hidden
Edit Enforcements Queries (Users)Enforce button (drawer)Hidden
Add EnforcementEnforcement CenterAdd Enforcement buttonDisabled
Add Enforcement Queries (Devices)Enforce button (drawer)Hidden
Add Enforcement Queries (Users)Enforce button (drawer)Hidden
Add EnforcementCloud Asset ComplianceEnforce menuDisabled
Add EnforcementDevices - Actions menuCreate New Enforcement optionDisabled
Add EnforcementUsers - Actions menuCreate New Enforcement optionDisabled
View Enforcement TasksEnforcement CenterView Tasks buttonDisabled
View Enforcement TasksEnforcement SetView Tasks buttonDisabled
View Enforcement TasksDevice/User Profile - EC Tasks tabLink to taskRemove link
View Enforcement TasksEnforce dialogLink to taskRemove link
Delete EnforcementEnforcement CenterBulk selection (checkboxes)Hidden
Delete EnforcementEnforcement CenterDelete button - Actions Menu (bulk selection)Hidden
Delete EnforcementEnforcement Set - Combo buttonDelete optionHidden
Run EnforcementDevices - Actions menuRun Existing Enforcement optionDisabled
Run EnforcementUsers - Actions menuRun Existing Enforcement optionDisabled
Run EnforcementRun button - bulk selectionRun Existing Enforcement optionHidden
Terminate Enforcement TasksEnforcement Center - Enforcement Tasks TableBulk Selection (checkboxes)Hidden
Terminate EnforcementEnforcement Center - Actions menuTerminate Enforcement TasksHidden
Duplicate EnforcementEnforcement Center - Actions menuDuplicate optionHidden
Duplicate EnforcementEnforcement Set - Combo buttonDuplicate optionHidden


Field Mapping

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Delete Field MappingField MappingDelete Action (hover or bulk selection
Disabled
View Field Mapping
Field MappingPageNot accessible
Add Field Mapping
Field MappingCreate Field Mapping button and drawerDisabled
Edit Field Mapping
Field MappingClick row and drawerDisabled

Findings

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View AlertsFindings - AlertsPageNot accessible
Modify AlertsFindings - AlertsClick rowDisabled
View RulesFindings - Rules ManagerPage Not accessible
Modify RulesFindings - Rules ManagerClick row and drawerDisabled
Mark as seenFindings - AlertsMark as seen Action (hover or bulk selection)Disabled
Add Finding RuleFindings - Rules ManagerCreate Finding Rule button and drawerDisabled
Delete Finding RuleFindings - Rules ManagerDelete Action (hover or bulk selectionDisabled

Cloud Asset Compliance

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Export to CSV
Cloud Asset Compliance
Export CSV button
Disabled
View Cloud Asset ComplianceAll pagesLeft navigation menu - Cloud iconDisabled
View Cloud Asset ComplianceCloud Asset CompliancePageNot accessible
Update Benchmark settingsBenchmark ScoreScore menuHidden
Manage Exclusions and CommentsCloud Asset ComplianceAdd exclusion/comment button in Comments section (drawer)Hidden
Manage Exclusions and CommentsCloud Asset ComplianceDelete exclusion/comment button in Comments section (drawer)Hidden
Manage Exclusions and CommentsCloud Asset ComplianceEdit exclusion/comment button in Comments section (drawer)Hidden

Ingestion Rules

PermissionUI PageUI ComponentBehavior (when permission is disabled)
View Ingestion RulesAdapter Advanced SettingsAdapter Advanced Settings
Hidden
Update Ingestion RulesAdapter Advanced Settings
Adapter Advanced Settings
Hidden

SaaS Management

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Admin level actions
SaaS Management ModulesSaaS Management Modules and all Admin SettingsDisabled
View entities and data
SaaS Management Modules
SaaS Management Modules
Hidden


Asset Graph

PermissionUI PageUI ComponentBehavior (when permission is disabled)
Add and edit for all data scopesAsset GraphAsset GraphDisabled
Delete graphAsset Graph
Asset Graph
Disabled
View graphAsset Graph
Asset Graph
Disabled
Manage graph foldersAsset Graph Manager
Asset Graph
Disabled
Create graphAsset Graph
Asset Graph
Disabled
Edit graphAsset Graph
Asset Graph
Disabled
Load saved graph Asset Graph Manager
Asset Graph
Disabled



Was this article helpful?