Configuring Role Based Access Control
RunReveal supports Role Based Access Control for subjects accessing resources in your workspace.
We have configured a set of default roles to simplify the management of permissions assignment to users through those roles.
Each resource has 3 permissions defined: Read, Edit and Delete. Read allows read-only access to the class of resources including listing the instances of that resource. Edit allows for creation and updating that resources attributes and metadata. Deletion is required to remove a resource record from the database.
The following roles have been defined for workspaces: admin, analyst, and cibot. Below you will see their permissions enumerated.
| Permission | Description | Admin | Analyst | CIBot |
|---|---|---|---|---|
| Read Sources | Read and List Source Configs | ✅ | ✅ | |
| Edit Sources | Create and Update Source Configs | ✅ | ||
| Delete Sources | Delete Source Configs | ✅ | ||
| Read Destinations | Read and List Destination Configs | ✅ | ||
| Edit Destinations | Create and Update Destination Configs | ✅ | ||
| Delete Destinations | Delete Destination Configs | ✅ | ||
| Read Queries | Read and List Named Queries and Detections | ✅ | ✅ | ✅ |
| Edit Queries | Create and Edit Named Queries and Detections | ✅ | ✅ | ✅ |
| Delete Queries | Delete Named Queries and Detections | ✅ | ✅ | |
| Read Reports | Read and List Reports | ✅ | ✅ | |
| Edit Reports | Create and Update Report Configs | ✅ | ✅ | |
| Delete Reports | Delete Report Configs | ✅ | ||
| Read Analytics | Read and List Analytics Views | ✅ | ✅ | |
| Edit Analytics | Create and Update Analytics Configs | ✅ | ✅ | |
| Delete Analytics | Delete Analytics Configs | ✅ | ||
| Read Notifications | Read and List Notification Channels | ✅ | ✅ | |
| Edit Notifications | Create and Update Notification Channels | ✅ | ||
| Delete Notifications | Delete Notification Channels | ✅ |