Permissions are the building blocks for Axonius Role Based Access Control (RBAC). Each role consists of a collection of permissions for various elements in the system. Each user is assigned to a specific role. Each role consists of the following categories and each category consists of different set of permissions. The table below describes the behavior for each category and permission. Absence of permissions for specific items may mean that elements in the system are not displayed, or disabled, depending on the definitions of that permission.
Global Actions
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Save data analytics
Data Analytics
Data Analytics page, Reports
Hidden
Enable Support Center link
All pages in the system
Top pane - Help and Support icon (?)
Hidden
API Access
Permission
UI Page
UI Component
Behavior (when permission is disabled)
API Access enabled
N/A
N/A
The user cannot log in via the API
API Access enabled
User settings tab
API Key tab
Hidden
Reset API Key
Account Settings
Reset Key button
Hidden
Asset Investigation
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Edit tracked fields
Asset Investigation Fields
Button
Disabled
View asset investigation
Devices/Users
Button
Hidden
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden
Create saved queries
Asset Investigation
Save Query dialog
Disabled
Edit saved queries
Queries
Edit button (drawer)
Hidden
Run saved queries
Asset Investigation/Queries
Run Query button (drawer)
Disabled
System and User Management
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Export to CSV
System Settings
Export CSV button
Disabled
View system settings
All pages
System Settings button
Disabled
View system settings
System Settings
Page
Not accessible
View system settings
System Settings
Lifecycle Settings
Not accessible
View system settings
System Settings
Global Settings
Not accessible
View system settings
System Settings
GUI Settings
Not accessible
View system settings
System Settings
Identity Providers Settings
Not accessible
View system settings
System Settings
Tunnel Settings
Not accessible
View user accounts and roles
System Settings
Identity Providers Settings
Not accessible
View user accounts and roles
System Settings
Manage Users tab
Hidden
View user accounts and roles
System Settings
Manage Roles tab
Hidden
View user accounts and roles
Axonius Dashboard
Edit dashboard radio button selection
Disabled
Add user
System Settings - Manage Users tab
Add User button
Disabled
Add user
System Settings - Manage Users tab
Drawer
Disabled
Edit users
System Settings - Manage Users tab
Drawer
Disabled
Edit users
System Settings - Manage Users tab
Assign role option (Actions menu)
Hidden
Delete user
System Settings - Manage Users tab
Delete user option (Actions menu)
Hidden
Delete user
System Settings - Manage Users tab
Delete user button (from drawer)
Hidden
Add role
System Settings - Manage Roles tab
Add role button
Disabled
Add role
System Settings - Manage Roles tab
Duplicate role button (from drawer)
Hidden
Edit roles
System Settings - Manage Roles tab
Drawer
Disabled
Edit roles
System Settings
Identity Providers Settings
Disabled
Update system settings
System Settings - all tabs
Save buttons
Disabled
Update system settings
System Settings - all tabs
All fields
Disabled
Update system settings
Devices
Edit System View
Hidden
Update system settings
Users
Edit System View
Hidden
Run manual discovery cycle
All pages
Run Discovery button
Disabled
View Notifications
All Pages
Notification icon
Disabled
Manage Service Accounts
System Settings
Manage Service Accounts
Disabled
Manage admin users
System Settings - Manage Users tab
User table
Admin role hidden
Manage admin users
System Settings - Manage Users tab
Role Assignment Drop-down
Admin role hidden
Manage admin users
System Settings - Manage Roles tab
Roles table
Admin role hidden
Manage admin users
System Settings - Identity Providers Settings tab
Default Role for new SAML/LADP
Admin role hidden
Manage admin users
System Settings - Identity Providers Settings tab
Role Assignment Rules SAML/LADP
Admin role hidden
Manage gateways
System Settings - Gateways
Gateways
Gateways hidden
Dashboard
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View dashboard
All pages
Left navigation menu - Dashboard icon
Disabled
View dashboard
Axonius Dashboard
Page
Not accessible
View dashboard
Report Configuration
Dashboard selection
Option is not available
Delete chart
Axonius Dashboard
Chart menu - Delete
Hidden
Add chart
Axonius Dashboard
Add chart (+ card)
Hidden
Add chart
Axonius Dashboard
Chart menu - Move and Copy
Limited to Move
Edit charts
Axonius Dashboard
Chart menu - Edit
Hidden
Edit charts
Axonius Dashboard
Chart menu - Move and Copy
Limited to Copy
Export to CSV
Axonius Dashboard
Export options in charts
Disabled
Add and editdashboards
Axonius Dashboard
Adddashboard (+)
Hidden
Add and editdashboards
Axonius Dashboard
Dashboard menu - Edit
Hidden
Deletedashboard
Axonius Dashboard
Dashboard menu - Delete
Hidden
Export Dashboard
Axonius Dashboard
Dashboard menu - Export
Hidden
Import Dashboard
Axonius Dashboard
Dashboard menu - Import
Hidden
Set Data Scope Defaults
Dashboard Manager
Dashboard menu - Date Scope Default
Hidden
Manage dashboard folders
Axonius Dashboard
Dashboard list
Hidden
Refreshdashboard
Axonius Dashboard
Dashboard menu - Refresh
Hidden
Add and edit private dashboards
Axonius Dashboard
Adddashboard (+)
Hidden
Add and edit for all data scopes
Axonius Dashboard
Adddashboard (+)
Hidden
Device Assets
Note:
Permissions are configured separately for each asset type in Axonius. The permissions available for each asset are similar to those detailed below for Device and User assets. Refer to the list of Asset Types for the full list of assets which each need these permissions configured.
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Edit device relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
All Device pages with a CSV Export option
Export CSV button
Disabled
View devices
All pages
Left navigation menu - Devices icon
Disabled
View devices
Devices
Page
Not accessible
View devices
Axonius Dashboard
Search bar
Search will not apply on device assets
View devices
Axonius Dashboard
Charts
Selecting devices is not available
View devices
Axonius Dashboard
Chart configuration
Selecting devices saved queries is not available
View devices
Cloud Asset Compliance
Show affected devices button
Disabled (only for devices)
Create, delete, and link
Devices
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Devices
Actions menu
Disabled
Create, delete, and link
Devices
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Devices
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Devices
Actions menu
Disabled
Edit tags and custom data
Devices
All actions: tag and custom data
Not accessible
Edit tags and custom data
Device Profile - Tags tab
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Device Profile - Custom data
Create/Edit/Delete custom data
Disabled
Manage notes
Device Profile - Notes tab
Create/Edit/Delete notes
Disabled
Run saved queries
Queries
Run Query button (drawer)
Disabled
Run saved queries
Devices
search bar - saved queries in the query search
Hidden
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Devices
Save - for saved queries
Disabled
Edit saved queries
Devices
Rename saved query
Disabled
Delete saved query
Queries
Public query - Delete button (drawer)
Hidden
Delete saved query
Queries
Delete button (bulk selection)
Hidden
Delete saved query
Queries
Bulk selection (checkboxes)
Hidden
Create saved query
Queries
Private query - Set Public button (drawer)
Hidden
Create saved query
Devices
Private query checkbox (Save Query dialog)
Disabled (and selected)
User Assets
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Edit users relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
Device pages with a CSV Export option
Export CSV button
Disabled
View users
All pages
Left navigation menu - Users icon
Disabled
View users
Users
Page
Not accessible
View users
Axonius Dashboard
Search bar
Search will not apply on user assets
View users
Axonius Dashboard
Charts
Selecting users is not available
View users
Axonius Dashboard
Chart configuration
Selecting users saved queries is not available
View users
Cloud Asset Compliance
Show affected users button
Disabled (only for users)
Create, delete, and link
Users
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Users
Actions menu
Disabled
Create, delete, and link
Users
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Users
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Users
Actions menu
Disabled
Edit tags and custom data
Users
All actions: tag and custom data
Disabled
Edit tags and custom data
Users Profile - Tags
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Users Profile - Custom data
Create/Edit/Delete custom data
Disabled
Manage notes
User Profile - Notes tab
Create/Edit/Delete notes
Disabled
Run saved queries
Saved Queries
Run Query button (drawer)
Disabled
Run saved queries
Users
search bar - saved queries in the query search
Hidden
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Users
Save - for saved queries
Disabled
Edit saved queries
Users
Rename saved query
Disabled
Delete saved query
Queries
Delete button (drawer)
Hidden
Delete saved query
Queries
Delete button (bulk selection)
Hidden
Delete saved query
Queries
Bulk selection (checkboxes)
Hidden
Create saved query
Queries
Private query - Set Public button (drawer)
Hidden
Create saved query
Users
Private query checkbox (Save Query dialog)
Disabled (and selected)
Vulnerability Assets
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Edit software relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
Vulnerability pages with a CSV Export option
Export CSV button
Disabled
View vulnerabilities
All pages
Left navigation menu - Vulnerabilities icon
Disabled
View vulnerabilities
Vulnerabilities
Page
Not accessible
Create, delete, and link
Vulnerabilities
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Vulnerabilities
Actions menu
Disabled
Create, delete, and link
Vulnerabilities
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Vulnerabilities
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Vulnerabilities
Actions menu
Disabled
Edit tags and custom data
Vulnerabilities
All actions: tag and custom data
Disabled
Edit tags and custom data
Vulnerabilities Profile - Tags tab Profile - Custom data
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Vulnerabilities
Create/Edit/Delete custom data
Disabled
Run saved queries
Queries
Run Query button (drawer)
Disabled
Run saved queries
Vulnerabilities
search bar - saved queries in the query search
Hidden
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Vulnerabilities
Save - for saved queries
Disabled
Edit saved queries
Vulnerabilities
Rename saved query
Disabled
Delete saved query
Queries
Public query - Delete button (drawer)
Hidden
Delete saved query
Queries
Delete button (bulk selection)
Hidden
Delete saved query
Queries
Bulk selection (checkboxes)
Hidden
Create saved query
Queries
Private query - Set Public button (drawer)
Hidden
Create saved query
Vulnerabilities
Private query checkbox (Save Query dialog)
Disabled (and selected)
Software Assets
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Edit software relationships
Asset Graph
Graph
Disabled (edit relationships)
Export to CSV
Software pages with a CSV Export option
Export CSV button
Disabled
View software
All pages
Left navigation menu - Devices icon
Disabled
View software
Software
Page
Not accessible
Create, delete, and link
Software
Bulk selection (checkboxes)
Hidden
Create, delete, and link
Software
Actions menu
Disabled
Create, delete, and link
Software
All actions: link, unlink, delete...
Not accessible
Edit tags and custom data
Software
Bulk selection (checkboxes)
Hidden
Edit tags and custom data
Software
Actions menu
Disabled
Edit tags and custom data
Software
All actions: tag and custom data
Not accessible
Edit tags and custom data
Software Profile - Tags tab
Create/Edit/Delete tags
Disabled
Edit tags and custom data
Software Profile - Custom tab
Create/Edit/Delete custom data
Disabled
Edit software
Software Profile - Custom data
Bulk selection (checkboxes)
Hidden
Run saved queries
Queries
Run Query button (drawer)
Disabled
Run saved queries
Software
search bar - saved queries in the query search
Hidden
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Software
Save - for saved queries
Disabled
Manage Software approval list
Software
Button
Hidden
Manage Software approval list
Software approval list
Page
Hidden
Edit saved queries
Software
Rename saved query
Disabled
Delete saved query
Queries
Public query - Delete button (drawer)
Hidden
Delete saved query
Queries
Delete button (bulk selection)
Hidden
Delete saved query
Queries
Bulk selection (checkboxes)
Hidden
Create saved query
Queries
Private query - Set Public button (drawer)
Hidden
Create saved query
Software
Private query checkbox (Save Query dialog)
Disabled (and selected)
Queries
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Add and edit for all data scopes
Export Queries
Export to CSV
Data Analytics
Data Analytics page, Reports
Disabled
Import Queries
Manage query folders
Queries
Query folders
Disabled
Manage query calculation
View query history of all users
Query History
Page
Not accessible
Reports
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View reports
All pages
Left navigation menu - Reports icon
Disabled
View reports
Reports
Page
Not accessible (unless Use private reports is enabled)
Export to CSV
Reports
Download CSV in Reports
Disabled
Add report
Reports
Add report button
Disabled (unless Use private reports is enabled)
Edit reports
Report Configuration
All input fields
Disabled (unless Use private reports is enabled)
Delete report
Reports
Bulk selection (checkboxes)
Hidden (unless Use private reports is enabled)
Delete report
Reports
Delete button (bulk selection)
Hidden (unless Use private reports is enabled)
Use private reports
Report Configuration
Private report checkbox
Disabled
Deactivate Reports
Report Configuration
Toggle button
Disabled
Manage Nodes
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View Compute Nodes
All pages
Left navigation menu - Instances icon
Disabled
View Compute Nodes
Manage Nodes
Page
Not accessible
Edit Compute Nodes
Manage Nodes
All input fields
Disabled
Edit Compute Nodes
Manage Nodes
Bulk selection (checkboxes)
Hidden
Edit Compute Nodes
Manage Nodes
Deactivate / Reactivate buttons
Hidden
Adapters
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Export to CSV enabled
All pages in the system where CSV Export exists
Export CSV button
Disabled
View adapters
All pages
Left navigation menu - Adapters icon
Disabled
View adapters
All pages
Page
Not accessible
Add connection
Adapter
Add connection
Disabled
Edit connections
Adapter
Edit connections - open connection modal
Disabled
Edit adapter advanced settings
Adapter
Advanced Settings button
Disabled
Edit adapter advanced settings
Adapters - Action menu
Override Advanced Settings Values option
Disabled
Delete connection
Adapter
Bulk selection (checkboxes)
Hidden
Delete connection
Adapter
Delete button (bulk selection)
Hidden
Terminate connection
Adapter Fetch History
Bulk selection (checkboxes)
Hidden
Terminate connection
Adapter Fetch History - Action menu
Terminate connection
Hidden
Export to CSV enabled
All pages in the system where CSV Export exists
Export CSV button
Disabled
Run saved queries
Queries
Run Query button (drawer)
Disabled
Create saved queries
Queries
Duplicate button (drawer)
Hidden
Edit saved queries
Queries
Tag button (bulk selection)
Hidden
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Adapters Fetch History
Save - for saved queries
Disabled
Edit saved queries
Adapters Fetch History
Update query details
Disabled
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden
Activity Logs
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Export to CSV
Activity logs
Export CSV button
Disabled
View activity logs
Activity logs
Page
Not accessible
Run saved queries
Queries
Run Query button (drawer)
Disabled
Edit saved queries
Queries
Edit button (drawer)
Hidden
Edit saved queries
Activity logs
Save - for saved queries
Disabled
Edit saved queries
Activity logs
Rename saved query
Disabled
Delete saved queries
Queries
Public query - Delete button (drawer)
Hidden
Delete saved queries
Queries
Delete button (bulk selection)
Hidden
Delete saved queries
Queries
Bulk selection (checkboxes)
Hidden
Create saved queries
Activity logs
Private query - Set Public button (drawer)
Hidden
Create saved queries
Activity logs
Private query checkbox (Save Query dialog)
Disabled (and selected)
Case Management
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Delete Case Management
Case Management
Delete Action (hover or bulk selection)
Disabled
View Case Management
Case Management
Page (Table, Kanban views)
Not accessible
Add Case Management
Case Management
Create Case button (drawer)
Disabled
Edit Case Management
Case Management
Click row (drawer)
Disabled
Enforcement Center
Note:
In order to add an Enforcement Action the role needs to have both Edit Enforcements and Add Enforcements permissions.
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View Enforcement Center
All pages
Left navigation menu - EC icon
Disabled
View Enforcement Center
Enforcement Center
Page
Not accessible
View Enforcement Center
Device/User Profile - EC Tasks tab
Link to task
Remove link
View Enforcement Center
Queries (Devices)
Enforce button (drawer)
Hidden
View Enforcement Center
Queries (Users)
Enforce button (drawer)
Hidden
Edit Enforcements
Enforcement Set
All input fields
Disabled
Edit Enforcements
Enforcement Set
Edit button (drawer)
Hidden
Edit Enforcements
Enforcement Set
Delete button (drawer)
Hidden
Edit Enforcements
Enforcement Center
Add Enforcement button
Disabled
Edit Enforcements
Queries (Devices)
Enforce button (drawer)
Hidden
Edit Enforcements
Queries (Users)
Enforce button (drawer)
Hidden
Add Enforcement
Enforcement Center
Add Enforcement button
Disabled
Add Enforcement
Queries (Devices)
Enforce button (drawer)
Hidden
Add Enforcement
Queries (Users)
Enforce button (drawer)
Hidden
Add Enforcement
Cloud Asset Compliance
Enforce menu
Disabled
Add Enforcement
Devices - Actions menu
Create New Enforcement option
Disabled
Add Enforcement
Users - Actions menu
Create New Enforcement option
Disabled
View Enforcement Tasks
Enforcement Center
View Tasks button
Disabled
View Enforcement Tasks
Enforcement Set
View Tasks button
Disabled
View Enforcement Tasks
Device/User Profile - EC Tasks tab
Link to task
Remove link
View Enforcement Tasks
Enforce dialog
Link to task
Remove link
Delete Enforcement
Enforcement Center
Bulk selection (checkboxes)
Hidden
Delete Enforcement
Enforcement Center
Delete button - Actions Menu (bulk selection)
Hidden
Delete Enforcement
Enforcement Set - Combo button
Delete option
Hidden
Run Enforcement
Devices - Actions menu
Run Existing Enforcement option
Disabled
Run Enforcement
Users - Actions menu
Run Existing Enforcement option
Disabled
Run Enforcement
Run button - bulk selection
Run Existing Enforcement option
Hidden
Terminate Enforcement Tasks
Enforcement Center - Enforcement Tasks Table
Bulk Selection (checkboxes)
Hidden
Terminate Enforcement
Enforcement Center - Actions menu
Terminate Enforcement Tasks
Hidden
Duplicate Enforcement
Enforcement Center - Actions menu
Duplicate option
Hidden
Duplicate Enforcement
Enforcement Set - Combo button
Duplicate option
Hidden
Field Mapping
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Delete Field Mapping
Field Mapping
Delete Action (hover or bulk selection
Disabled
View Field Mapping
Field Mapping
Page
Not accessible
Add Field Mapping
Field Mapping
Create Field Mapping button and drawer
Disabled
Edit Field Mapping
Field Mapping
Click row and drawer
Disabled
Findings
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View Alerts
Findings - Alerts
Page
Not accessible
Modify Alerts
Findings - Alerts
Click row
Disabled
View Rules
Findings - Rules Manager
Page
Not accessible
Modify Rules
Findings - Rules Manager
Click row and drawer
Disabled
Mark as seen
Findings - Alerts
Mark as seen Action (hover or bulk selection)
Disabled
Add Finding Rule
Findings - Rules Manager
Create Finding Rule button and drawer
Disabled
Delete Finding Rule
Findings - Rules Manager
Delete Action (hover or bulk selection
Disabled
Cloud Asset Compliance
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Export to CSV
Cloud Asset Compliance
Export CSV button
Disabled
View Cloud Asset Compliance
All pages
Left navigation menu - Cloud icon
Disabled
View Cloud Asset Compliance
Cloud Asset Compliance
Page
Not accessible
Update Benchmark settings
Benchmark Score
Score menu
Hidden
Manage Exclusions and Comments
Cloud Asset Compliance
Add exclusion/comment button in Comments section (drawer)
Hidden
Manage Exclusions and Comments
Cloud Asset Compliance
Delete exclusion/comment button in Comments section (drawer)
Hidden
Manage Exclusions and Comments
Cloud Asset Compliance
Edit exclusion/comment button in Comments section (drawer)
Hidden
Ingestion Rules
Permission
UI Page
UI Component
Behavior (when permission is disabled)
View Ingestion Rules
Adapter Advanced Settings
Adapter Advanced Settings
Hidden
Update Ingestion Rules
Adapter Advanced Settings
Adapter Advanced Settings
Hidden
SaaS Management
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Admin level actions
SaaS Management Modules
SaaS Management Modules and all Admin Settings
Disabled
View entities and data
SaaS Management Modules
SaaS Management Modules
Hidden
Asset Graph
Permission
UI Page
UI Component
Behavior (when permission is disabled)
Add and edit for all data scopes
Asset Graph
Asset Graph
Disabled
Delete graph
Asset Graph
Asset Graph
Disabled
View graph
Asset Graph
Asset Graph
Disabled
Manage graph folders
Asset Graph Manager
Asset Graph
Disabled
Create graph
Asset Graph
Asset Graph
Disabled
Edit graph
Asset Graph
Asset Graph
Disabled
Load saved graph
Asset Graph Manager
Asset Graph
Disabled
Was this article helpful?
Thank you for your feedback! Our team will get back to you