About RBAC Permissions

Using Role-Based Access Control (RBAC), an organization's admin can grant users specific abilities or tools through permissions. Each user is defined by a role and assigned to a team; the user's role and team within the RBAC organizational system determine which permissions are available to them.

A team is a collection of multiple users identified as a single group unit within RBAC. A role is a defined set of permissions that can be granted to a user. Users assigned a certain role are considered "members" of that role, and members of a role are granted the permissions assigned to that role.

When a user creates a new team, the following permissions are displayed, along with the team roles to which each permission applies:

[Image: RBAC_2_A.png]

A team permission can be granted to the team owner, a team admin, a team member, or any combination of those three. A purple toggle indicates that the permission is active; a grey toggle means the permission is inactive and therefore not granted to the indicated user. Toggles that appear faded are in their default state for the indicated user group and are locked. For example, in the picture above, the team owner has all permissions granted by default, and these permissions cannot be taken away from the team owner, so the toggles are all purple (active) and faded.

The permissions for a team can be described as follows:

| Permission Codes | Description |
| --- | --- |
| settings.modify | Can change settings for team |
| members.modify | Can change members on team |
| devices.modify | Can change devices for team |
| member.make_admin | User can make a member an admin (only available for Team Owner) |
| member.make_owner | User can make a member an owner (only available for Team Owner) |

Every user is assigned a role that determines what actions they can take in the Kobiton portal. These roles can be customized so that different users have unique sets of permissions (for example, a role called "App Manager" that has all app repo permissions assigned and none of the others, or a "Universal" role with all of the permissions assigned). The actions contained in each permission are described below:

Role permissions:

| Types | Permission codes | Meaning |
| --- | --- | --- |
| App Repo | app_repo.delete_other_application | Delete other users' public apps (this also includes private apps if the view_all permission below is enabled) |
| App Repo | app_repo.view_all_application | View all public/locked apps |
| App Repo | app_repo.upload_application | Upload app; can also rename an app uploaded by the user previously |
| Device | device.custom_device_name | User can create custom device name |
| Device Tag | device.tag_devices | User can create tags for devices |
| Organization Management | org_management.modify | User has access to all abilities in org management tab (create, edit, invite user, etc. for Groups/Roles/Users/Devices Bundle) |
| Softbook | soft_book.terminate_other_soft_book | Delete other users' softbook |
| Session | session.view_all_session | View all sessions in the org |
| Session | session.terminate_other_session | Terminate other users' (all) sessions |
| Session | session.modify_other_session | Modify information of session (e.g., session name, etc.); also allows user to delete sessions |
| Organization Settings | org_setting.modify | View and edit cleanup policy (org level) + iFrame + Integration (disable/enable) + Other Settings |
| Organization Settings | org_setting.modify_sso_setting | View and edit SSO settings/configuration |

Note: Team permissions are somewhat limited by the Owner/Admin/Member structure of teams, and some permissions can only be held by a user with a specific team user status of Owner or Admin. Role permissions do not have this limitation as they are designed to be highly customizable.
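
As an added example (not Kobiton's code or API), the Python below checks a team permission matrix against the locked-Owner and Owner-only rules described above and audits custom roles using this page's permission codes. The input dictionaries, the function names `check_team` and `audit_role`, and the choice of which codes to list for review are assumptions of the example.

```python
# Permission codes as listed on this page.
TEAM_PERMS = {"settings.modify", "members.modify", "devices.modify",
              "member.make_admin", "member.make_owner"}
OWNER_ONLY = {"member.make_admin", "member.make_owner"}
ROLE_PERMS = {
    "app_repo.delete_other_application", "app_repo.view_all_application",
    "app_repo.upload_application", "device.custom_device_name",
    "device.tag_devices", "org_management.modify",
    "soft_book.terminate_other_soft_book", "session.view_all_session",
    "session.terminate_other_session", "session.modify_other_session",
    "org_setting.modify", "org_setting.modify_sso_setting",
}
# Assumption of this example: codes a reviewer wants listed for every role.
REVIEW = {"org_management.modify", "org_setting.modify",
          "org_setting.modify_sso_setting"}
APP_COMBO = {"app_repo.delete_other_application", "app_repo.view_all_application"}

def check_team(grants):
    """grants maps 'owner'/'admin'/'member' to a set of team permission codes."""
    issues = []
    missing = TEAM_PERMS - grants.get("owner", set())
    if missing:  # the owner's toggles are locked on
        issues.append(f"owner is missing locked permissions: {sorted(missing)}")
    for status in ("admin", "member"):
        held = grants.get(status, set())
        issues += [f"{status} holds owner-only permission {c}"
                   for c in sorted(held & OWNER_ONLY)]
        issues += [f"{status} holds unknown team permission {c}"
                   for c in sorted(held - TEAM_PERMS)]
    return issues

def audit_role(name, perms):
    """Return review findings for one custom role's set of permission codes."""
    findings = [f"{name}: unknown code {c}" for c in sorted(perms - ROLE_PERMS)]
    findings += [f"{name}: holds {c}" for c in sorted(perms & REVIEW)]
    if APP_COMBO <= perms:  # delete_other + view_all extends to private apps
        findings.append(f"{name}: can delete other users' private apps as well as public ones")
    return findings

# Constructed sample data, not exported from a real organization.
SAMPLE_TEAM = {"owner": set(TEAM_PERMS),
               "admin": {"members.modify", "member.make_admin"},
               "member": set()}
SAMPLE_ROLES = {"App Manager": {c for c in ROLE_PERMS if c.startswith("app_repo.")},
                "Universal": set(ROLE_PERMS)}

if __name__ == "__main__":
    for line in check_team(SAMPLE_TEAM):
        print(line)
    for role, codes in SAMPLE_ROLES.items():
        print("\n".join(audit_role(role, codes)))
```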
