Introducing Role Based Access Control (RBAC) Management
Maintaining an adequate security posture involves numerous hassles and pitfalls, which makes it challenging to manage. This is where Role-Based Access Control (RBAC) enters the picture as one of the most significant pillars of a strong security posture: it lets companies enforce the security policies they have mapped onto their organizational structure.
Put simply, Role-Based Access Control defines which users and groups may perform which activities on which resources. At Resmo, we have recently introduced the RBAC Management feature and elevated the security experience we offer. Resmo's RBAC Management feature allows users to determine, grant, and manage access, roles, and permissions through an easy-to-use interface.
With RBAC, users can see all roles and policies in one place, create custom ones, and update them at any time. Before diving into Resmo's RBAC Management feature, let's briefly touch upon what RBAC means for Resmo users.
Benefits of Role-Based Access Control
- RBAC reduces administrative work by letting you establish, assign, update, and revoke privileges as needed, without paperwork or password changes.
- It reduces the chance of a security breach by preventing unauthorized access and the abuse of access by employees.
- RBAC policies help you meet regulatory requirements by improving compliance with data privacy laws such as HIPAA, GLBA, and others that require data to be safeguarded.
- RBAC enhances your team's productivity by assigning distinct roles and giving each employee exactly the access their position requires.
RBAC characteristics and Resmo RBAC Management feature
Because RBAC assigns permissions to end users based on their roles in the company structure, Resmo's RBAC Management tool is built on three building blocks: roles, policies, and statements. Let's take a closer look at each of them to better understand the structure of RBAC.
A role is a container for policies; a role can hold a maximum of 10 policies. Currently, there are three built-in user roles on Resmo: Owner, Admin, and User.
Owner: There can only be one Owner for each account. The Owner has permission to transfer ownership or change user roles.
Admin: An admin can add, update, and delete integrations, queries, rule notifications, and resource groups. Admins also have permission to invite users and change user roles except for the Owner role.
User: The least privileged role is the user. A user has read-only access to everything and can query the aggregated data. Users cannot see other users or integrations or take any action on them.
A policy is a set of allow and deny statements; when a policy is attached to a role, its statements define the permissions of that role. A policy can contain up to 10 statements, each consisting of an effect, actions, services, and types (resource, integration, or notification channel):
- Action identifies a service's method.
- Effect indicates whether access is allowed or denied, through "Allow" or "Deny."
- Types define the scope of the restriction. A statement may include any or all of the following:
  - Resource type determines whether the policy allows or denies the specified resource types.
  - Integration type determines whether the policy allows or denies the specified integration types.
  - Notification channel type determines whether the policy allows or denies the specified notification channel types.
How to set up a sample RBAC Policy and assign it to a user
Step 1: Sign up or sign in to your Resmo account, then navigate to Settings.
Step 2: In the Settings section, go to Roles; you will see a list of the roles in your account.
Step 3: You can now examine, create, and edit roles.
Step 4: Navigate to Policies under Access from the left-side panel. You will see a list of policies, such as APIKeyAdminAccess, which is a Resmo-managed policy.
Step 5: This is where you can examine, edit, or create new policies. You can also see the role’s name, description, and statements in the policy details.
- Toggle on Advanced Mode to manage your statements as JSON.
- Set up statements, which are containers for permissions.
- Define allow or deny statements inside the same policy.
Step 6: You can grant roles to the users linked to the account and update them under the Users section.
Bonus: The Users section allows you to invite other users.
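To make the role, policy, and statement model concrete, and to show what editing statements as JSON in Advanced Mode is doing underneath, here is a small policy evaluator added for this post. It is example code, not Resmo's own implementation, and the JSON shape it reads (the `name`, `policies`, `statements`, `effect`, `actions`, `services`, and `types` keys) is an assumption constructed for the example rather than Resmo's real schema. It enforces the 10-policy and 10-statement limits described above and evaluates requests with the usual least-privilege rules: nothing is allowed unless a statement allows it, and an explicit Deny always wins over an Allow in the same role.

```python
"""Toy evaluator for the role -> policy -> statement model.

The JSON shape below is an assumption constructed for this example; it is
not Resmo's real schema. Only the concepts named in the post are modelled:
a role holds up to 10 policies, a policy holds up to 10 statements, and a
statement has an effect (Allow/Deny), actions, services, and optional
types (resource, integration, notificationChannel) that narrow its scope.
"""
import json

MAX_POLICIES_PER_ROLE = 10
MAX_STATEMENTS_PER_POLICY = 10
VALID_EFFECTS = {"Allow", "Deny"}
VALID_TYPE_KINDS = {"resource", "integration", "notificationChannel"}


def validate_role(role):
    """Enforce the structural limits; raises ValueError on any violation."""
    if len(role["policies"]) > MAX_POLICIES_PER_ROLE:
        raise ValueError(f"role {role['name']!r} has more than {MAX_POLICIES_PER_ROLE} policies")
    for policy in role["policies"]:
        if len(policy["statements"]) > MAX_STATEMENTS_PER_POLICY:
            raise ValueError(f"policy {policy['name']!r} has more than {MAX_STATEMENTS_PER_POLICY} statements")
        for stmt in policy["statements"]:
            if stmt["effect"] not in VALID_EFFECTS:
                raise ValueError(f"unknown effect {stmt['effect']!r}")
            for kind in stmt.get("types", {}):
                if kind not in VALID_TYPE_KINDS:
                    raise ValueError(f"unknown type kind {kind!r}")
    return True


def _matches(patterns, value):
    """A pattern list matches a value if it names it or contains the wildcard."""
    return "*" in patterns or value in patterns


def statement_applies(stmt, service, action, type_kind=None, type_value=None):
    """True if the statement covers this (service, action, type) request."""
    if not _matches(stmt["services"], service):
        return False
    if not _matches(stmt["actions"], action):
        return False
    types = stmt.get("types", {})
    # A statement with a types block only governs requests whose type it lists.
    if types and type_kind is not None:
        return type_kind in types and _matches(types[type_kind], type_value)
    return True


def is_allowed(role, service, action, type_kind=None, type_value=None):
    """Default deny: a request passes only if some statement allows it and
    no statement denies it (an explicit Deny always wins over Allow)."""
    allowed = False
    for policy in role["policies"]:
        for stmt in policy["statements"]:
            if not statement_applies(stmt, service, action, type_kind, type_value):
                continue
            if stmt["effect"] == "Deny":
                return False
            allowed = True
    return allowed


def load_role(text):
    """Parse a role from JSON text (what an advanced-mode editor would hold) and validate it."""
    role = json.loads(text)
    validate_role(role)
    return role


# Constructed sample: a read-only analyst who may query any resource and
# read any integration, except that the "aws" integration is explicitly denied.
SAMPLE_ROLE_JSON = """
{
  "name": "ReadOnlyAnalyst",
  "policies": [
    {
      "name": "QueryAndReadAccess",
      "statements": [
        {"effect": "Allow", "actions": ["Query"], "services": ["resource"],
         "types": {"resource": ["*"]}},
        {"effect": "Allow", "actions": ["Read"], "services": ["integration"],
         "types": {"integration": ["*"]}}
      ]
    },
    {
      "name": "NoAwsIntegration",
      "statements": [
        {"effect": "Deny", "actions": ["*"], "services": ["integration"],
         "types": {"integration": ["aws"]}}
      ]
    }
  ]
}
"""

SAMPLE_ROLE = load_role(SAMPLE_ROLE_JSON)

if __name__ == "__main__":
    for req in [("resource", "Query", "resource", "aws_s3_bucket"),
                ("integration", "Read", "integration", "github"),
                ("integration", "Read", "integration", "aws"),
                ("integration", "Delete", "integration", "github")]:
        print(req, "->", "ALLOW" if is_allowed(SAMPLE_ROLE, *req) else "DENY")
```

The two design choices worth noticing are that `is_allowed` starts from `False` (a role with no matching statement grants nothing) and that it returns as soon as a matching Deny is found, so a narrow Deny statement in one policy reliably carves an exception out of a broad Allow in another policy of the same role.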
Common use cases
To ensure that RBAC policies are set up properly, it is crucial to know who has access to which resources and the extent of that access:
- By granting only the access that is necessary, RBAC separates duties, helps employees focus on their core responsibilities, and minimizes misconfigurations.
- It helps companies define policies rigorously; for example, most developers do not have access to the CI/CD pipelines that deploy into live environments.
- When an employee's position changes, it can be used to update, add, or revoke permissions.
Time to reshape your access controls
The backbone of any secure system is restricted access: not everyone can or should access sensitive data. Otherwise, what you are trying to protect would simply be commonplace and public. That's a no-brainer.
Resmo's RBAC Management feature lets Enterprise plan users delegate access permissions based on user roles and policies, adding another layer to your security posture and making it easier to avert unauthorized access and mistakes.
Quick reminder: This feature is available for the Enterprise Plan, but you can request access and test it out to see how it will bolster your account security.