The Cloud Services Portal provides role-based access control, which lets you manage user access based on roles and permissions. By defining access policies, you can restrict service-related responsibilities to certain user roles and user groups. For example, you can limit BloxOne Threat Defense administrator permissions (defined in the TD Administrator Role) to the BloxOne Threat Defense admin user group (ib-td-admin), while allowing read-only access to the BloxOne Threat Defense user group (ib-td-user) for viewing configurations and reports only. Similarly, you can limit BloxOne DDI administrator permissions (defined in the DDI Administrator Role) to the BloxOne DDI admin user group (ib-ddi-admin), while allowing read-only access to the BloxOne DDI user group (ib-ddi-user) for viewing configurations and reports only. Role-based access control is primarily based on service accessibility, which results in explicit permissions for users or user groups to view, start and stop, or configure service-related tasks and features based on responsibilities within your organization.

The Cloud Services Portal provides several default user roles, user groups, and access policies as a quick-start configuration, so you can quickly assign new users to user group(s) and give them access to relevant services and tasks. All default user groups are predefined in quick-start access policies that grant access to specific services and authorize specific users to a set of permissions, so they can perform specific responsibilities based on their roles. For example, the predefined Access Control Administrators Policy applies the Access Control Administrators Role to the access control admin user group (ib-access-control-admin), which grants all users in the ib-access-control-admin group permissions to view and configure licenses, users, user groups, and access policies. The Cloud Services Portal offers a few other access policies based on your license entitlements. You can use these quick-start configurations to onboard new users by placing them in their respective user groups, so they can access the services and perform the corresponding tasks. For more information, see Configuring Access Policies.

To set up role-based access control, use the following workflow to complete the tasks:

  1. Create new users and assign them to their respective user group(s) based on their respective roles and responsibilities within your organization. All users must belong to at least one user group. For more information, see Configuring Users.
  2. Review the default user groups and create additional groups (if needed) based on your business requirements and user responsibilities. For more information, see Configuring User Groups.
  3. Review the default access policies and create additional access policies (if needed) by applying user roles to respective user groups. Note that an access policy grants all users in a user group a set of permissions defined in the user role, so the users can access the services and perform the tasks associated with the selected user role. For more information, see Configuring Access Policies.
  4. Create new user roles if the predefined ones do not fit your organization's needs. For more information, see Configuring Custom Roles.
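
The user, group, policy and role relationship from the workflow above can be reviewed offline. The following is an added example, not Infoblox code and not a Cloud Services Portal API: it resolves each user's effective permissions from a constructed data set and flags users with no group, groups with no access policy, and users who can configure access policies. The user names, permission strings and the read-only role name are assumptions; the group names and the other role names come from this page.

```python
# Constructed sample data. The read-only role name, every permission string and
# every user name are hypothetical; this is not a Cloud Services Portal export.
ROLES = {
    "TD Administrator Role": {"td:view", "td:configure"},
    "TD Read-Only Role (hypothetical)": {"td:view"},
    "DDI Administrator Role": {"ddi:view", "ddi:configure"},
    "Access Control Administrators Role": {
        "licenses:configure", "users:configure",
        "groups:configure", "policies:configure"},
}
POLICIES = [  # an access policy applies one user role to one user group
    ("ib-td-admin", "TD Administrator Role"),
    ("ib-td-user", "TD Read-Only Role (hypothetical)"),
    ("ib-ddi-admin", "DDI Administrator Role"),
    ("ib-access-control-admin", "Access Control Administrators Role"),
]
USERS = {
    "alice": ["ib-td-admin"],
    "bob": ["ib-td-user"],
    "carol": ["ib-td-user", "ib-access-control-admin"],
    "dave": [],               # breaks "at least one user group"
    "erin": ["ib-ddi-user"],  # policy for this group left out on purpose
}

def effective_permissions(user):
    """Union of the permissions of every role applied to the user's groups."""
    groups = set(USERS[user])
    perms = set()
    for group, role in POLICIES:
        if group in groups:
            perms |= ROLES[role]
    return perms

def audit():
    """Return (user, finding) pairs worth a reviewer's attention."""
    governed = {group for group, _ in POLICIES}
    findings = []
    for user, groups in sorted(USERS.items()):
        if not groups:
            findings.append((user, "no user group"))
        for group in groups:
            if group not in governed:
                findings.append((user, f"group {group} has no access policy"))
        if "policies:configure" in effective_permissions(user):
            findings.append((user, "can configure access policies"))
    return findings

if __name__ == "__main__":
    for user, finding in audit():
        print(f"{user}: {finding}")
```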
