What is RBAC?
Role-based Access Control (RBAC) refers to the concept of assigning permissions and data visibility rights to groups of users based on their unique responsibilities within an organization. The user-role and role-permissions relationships make it easy to perform user assignments, since users no longer need to be managed individually but instead have privileges that conform to the permissions assigned to their role(s).
User Management
User Management will continue to be the central location within System Settings where Aware Admins can create and manage user profiles. Access/permissions to certain applications will continue to be managed within the user profile.
Data Access Sets (DAS)
A Data Access Set is a configurable way to limit data visibility. When paired with a Role, it exposes only the data configured within the Data Access Set to the users of the Role. Users in a role with Data Access Set restrictions can see only the data they are allowed to see, even while sharing application access with Roles that may have different data access.
A Data Access Set can be composed of broad sources such as content platforms or sets of people, like Azure Active Directory lists, down to narrow sources like a single Slack channel. Once created, a Data Access Set can be used in as many roles as necessary.
Roles
Roles are groups of users with the same permissions and data visibility in Aware. Roles ensure that employees access only the tools and information they need for their job and keep access to sensitive data safe and secure. As employees and their responsibilities change over time, roles make it easy to maintain up-to-date permissions and data access across your organization.
Components of a Role:
- Overview
- Permissions (+ application access)
- Data Access Sets
- Users
Signal with RBAC
Prior to RBAC, Signal permissions were based on a user’s relationship with select permissions and whether they had been added to a policy or not. Today, a user’s access to a policy will depend on their relationship with a Role and that Role’s relationship with a Data Access Set.
Search and Discover with RBAC
Prior to RBAC, Search permissions were based on a user’s relationship with select permissions in system settings. With RBAC, a user’s access to a search will depend on their relationship with a Role and that Role’s relationship with a Data Access Set. Search results will be visible based on their association with a Data Access Set.
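The Role and Data Access Set relationship described above, sketched as an added Python example (not Aware's code or API). The class names, the union across a user's roles, and showing nothing when no Data Access Set covers an item are assumptions made for illustration; the sample roles, users and items are constructed.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataAccessSet:
    name: str
    platforms: frozenset = frozenset()  # broad source: whole content platforms
    channels: frozenset = frozenset()   # narrow source: (platform, channel) pairs

    def covers(self, item):
        return (item["platform"] in self.platforms
                or (item["platform"], item["channel"]) in self.channels)

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset       # application access, e.g. "search", "signal"
    data_access_sets: tuple      # one Data Access Set can be reused by many roles
    users: frozenset

def visible_items(user, permission, roles, items):
    """Ids of items `user` can see in an application, evaluated role by role.

    Assumption: data is visible only through a role that also grants the
    application permission, and a user's roles are combined as a union.
    """
    granting = [r for r in roles if user in r.users and permission in r.permissions]
    return [i["id"] for i in items
            if any(d.covers(i) for r in granting for d in r.data_access_sets)]

# Constructed sample data (platform, channel and user names are illustrative).
ALL_SLACK = DataAccessSet("All Slack", platforms=frozenset({"slack"}))
HR_ONLY = DataAccessSet("HR channel", channels=frozenset({("slack", "hr-cases")}))
ALL_TEAMS = DataAccessSet("All Teams", platforms=frozenset({"teams"}))

ROLES = [
    Role("Compliance", frozenset({"search", "signal"}), (ALL_SLACK,), frozenset({"bob"})),
    Role("HR Investigators", frozenset({"search"}), (HR_ONLY,), frozenset({"alice"})),
    Role("Finance Reviewers", frozenset({"signal"}), (ALL_TEAMS,), frozenset({"alice"})),
]
ITEMS = [
    {"id": 1, "platform": "slack", "channel": "general"},
    {"id": 2, "platform": "slack", "channel": "hr-cases"},
    {"id": 3, "platform": "teams", "channel": "finance"},
]

if __name__ == "__main__":
    for user in ("alice", "bob", "carol"):
        print(user, "search:", visible_items(user, "search", ROLES, ITEMS))
```

Here alice and bob share Search access but get different results, and alice's Finance Reviewers data does not appear in Search because that role grants only Signal.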