6.2 Role Based Access Control - BlueCat Infrastructure Assurance - 25.2.0

BlueCat LiveAssurance User Guide


Role-based access control (RBAC) helps you manage who has access to LiveAssurance resources and what operations they can perform on those resources. LiveAssurance supports two user-defined user privileges: Administrator and Read-Only. The Administrator role can control all aspects of the system, including assigning different roles with different privileges to users. The Read-Only role provides an access control category that permits a user to log in to LiveAssurance with restricted functions. Typically, a Read-Only role is assigned to an operator. You can also create as many as 100 custom roles in the system.

LiveAssurance maintains at least one local administrator account and will not allow users to delete it. Contact BlueCat Customer Care if you need assistance resetting the local administrator account.

Selecting Permissions for Specific Actions

Each non-admin role can be configured with a custom set of actions and screens when creating or editing the role.

Selecting a permission enables it, allowing the user to access the relevant function.

Show Button

The Show button is the only button that does not control a specific UI function. Instead, it allows access to the page from which the relevant UI functions can be carried out.

Note: The Show button is automatically selected whenever any permission for a specific action is selected.

Configuring User Level Privileges

Note: Only Administrator level users can change permission levels and assign roles to users.

To configure RBAC for an individual local user, navigate to the Users tab (Settings > Users) and select the user you want to assign a user privilege to. In this example, the user ‘example-user’ is assigned the Read-Only privilege, as shown in the following image.

Configuring User Privileges at Group level

An Administrator can also assign roles to groups. For example, if there are 100 users within a LiveAssurance user group, assigning the role to the group instead of to each user simplifies user management.

To configure RBAC for a group, navigate to the Groups tab (Settings > Groups) and edit the relevant groups to assign the specified role.

Read-Only Privilege

Users with Read-Only access cannot perform any UI functions and cannot access configuration screens. The following functions cannot be accessed by Read-Only Roles:

  1. Analysis and reports
    • Viewing existing reports or creating new ones
  2. Credential Management
    • Viewing, creating or editing credential sets
  3. Devices
    • Adding or removing devices
    • Creating, removing or modifying labels
  4. Issue administration
    • Configuring the issue settings (e.g. severity, thresholds)
  5. Rules
    • Creating or deleting rules
    • Disabling rules
  6. Backups
    • Creating, deleting or editing backup jobs
  7. About
    • Updating system version
  8. Integrations
    • Creating, editing or deleting integrations
  9. Authentication
    • Creating, editing or deleting authentications
  10. Users
    • Creating, editing or removing users
  11. Application Settings
    • Editing application settings

Version Migration

When you migrate from a previous version of LiveAssurance, existing users will remain as administrative users. LiveAssurance will not try to “guess” which users should maintain administrative privileges and which users should have read-only access. The administrator is expected to reset the appropriate privileges.
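
Because every migrated account keeps Administrator until someone changes it, a post-migration review is easier to track with a written plan. The sketch below is an added example, not BlueCat code: the CSV layout, the "remote" account type and the account names other than example-user are constructed for illustration and are not a LiveAssurance export format.

```python
import csv
import io

# Constructed sample data (not a LiveAssurance export format): the role each
# account holds after migration, as an administrator might record it by hand.
CURRENT_CSV = """username,account_type,role
admin,local,Administrator
example-user,local,Administrator
noc-operator,remote,Administrator
dns-engineer,remote,Administrator
"""

# Constructed review plan: the role each account is meant to hold.
INTENDED = {
    "admin": "Administrator",
    "example-user": "Read-Only",
    "noc-operator": "Read-Only",
}


def review_migrated_roles(current_csv, intended):
    """Compare post-migration roles with the intended least-privilege plan."""
    findings = {"downgrade": [], "unreviewed": [], "local_admins_kept": []}
    for row in csv.DictReader(io.StringIO(current_csv)):
        user, role = row["username"], row["role"]
        target = intended.get(user)
        if target is None:
            # No decision recorded: the account silently stays Administrator.
            findings["unreviewed"].append(user)
        elif role == "Administrator" and target != "Administrator":
            findings["downgrade"].append((user, target))
        elif target == "Administrator" and row["account_type"] == "local":
            findings["local_admins_kept"].append(user)
    return findings


def plan_is_safe(findings):
    """The plan must keep a local administrator and leave nobody unreviewed."""
    return bool(findings["local_admins_kept"]) and not findings["unreviewed"]


if __name__ == "__main__":
    result = review_migrated_roles(CURRENT_CSV, INTENDED)
    for user, target in result["downgrade"]:
        print(f"reassign {user}: Administrator -> {target}")
    for user in result["unreviewed"]:
        print(f"no decision recorded for {user} (still Administrator)")
    print("plan complete:", plan_is_safe(result))
```

The role changes themselves are still made by an Administrator under Settings > Users or Settings > Groups; the script only tracks which accounts have not yet been reviewed.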