Role Based Access Controls (RBAC)

Follow

Role Based Access Controls (RBAC) allow you to granularly control permissions within the Automox console. Currently, four default roles are supported.

Default Roles

  • Full Administrator - Able to control all aspects of the Automox Console
  • Patch Administrator - Can create/read/modify/delete all Policies and Server Groups. Can add machines to the organization
  • Billing Administrator - Can modify billing settings for their org and read all aspects of the Automox Console
  • Read Only - Able to read all aspects of the Automox console

Available Permissions

Permission Description
Custom Policy  
- Create Allows users to create Custom Policies
- Delete Allows users to delete Custom Policies
- Modify Allows users to modify Custom Policies
- Execute Allows users to execute Custom Policies
- Read Allows users to read Custom Policies
Required Software Policy  
- Create Allows users to create Required Software Policies
- Delete Allows users to delete Required Software Policies
- Modify Allows users to modify Required Software Policies
- Execute Allows users to execute Required Software Policies
- Read Allows users to read Required Software Policies
Patch Policy  
- Create Allows users to create Patch Policies
- Delete Allows users to delete Patch Policies
- Modify Allows users to modify Patch Policies
- Execute Allows users to execute Patch Policies
- Read Allows users to read Patch Policies
EndPoints  
- Add Allows users to add endpoints to the organization
- Delete Allows users to delete endpoints from the organization
- Manage Allows users to manage endpoints in the organization
- Read Allows users to read endpoints in the organization
Server Groups  
- Create Allows users to create Server Groups
- Delete Allows users to delete Server Groups
- Modify Allows users to modify Server Groups including changing names and adding endpoints
- Read Allows users to read Server Groups
Reports  
- Read Allows users to read Reports
RBAC Roles  
- Create Allows users to create custom RBAC Roles
- Delete Allows users to delete custom RBAC Roles
- Modify Allows users to modify custom RBAC Roles
- Read Allows users to read custom RBAC Roles
Billing  
- Modify Allows users to modify Billing settings
- Read Allows users to read Billing settings
Users  
- Invite Allows users to invite other users
- Delete Allows users to delete other users
- Modify Allows users to modify other users including assignments of RBAC Roles and Server Groups
- Read Allows users to read information about other users
Organization  
- Manage Allows the user to manage Organization info and configurations. This includes security configs such as SAML as well as Org Preferences.
- Create Allows the user to create new Organizations
- Read Allows the user to read Organization info
Package  
- Manage Allows users to manage packages/server packages. This includes deferrals and ignoring packages.
- Read Allows users to read package/server packages info.
Software  
- Read Allows users to read Software info

 

Assigned Permissions

Permission Full Administrator Patch Admin Billing Admin Read Only
Custom Software Policy        
- Create X X    
- Delete X X    
- Modify X X    
- Execute X X    
- Read X X X X
Required Software Policy        
- Create X X    
- Delete X X    
- Modify X X    
- Execute X X    
- Read X X X X
Patch Policy        
- Create X X    
- Delete X X    
- Modify X X    
- Execute X X    
- Read X X X X
EndPoints        
- Add X X    
- Delete X X    
- Manage X X    
- Read X X X X
Server Groups        
- Create X X    
- Delete X X    
- Modify X X    
- Read X X X X
Reports        
- Read X X X X
RBAC Roles        
- Create X      
- Delete X      
- Modify X      
- Read X X X X
Billing        
- Modify X   X  
- Read X   X X
Users        
- Invite X      
- Delete X      
- Modify X      
- Read X   X X
Organization        
- Manage X      
- Create X      
- Read X X X X
Package        
- Manage X X    
- Read X X X X
Software        
- Read X X X X

 

Additional Notes

User Creation and Modification

  • Users that are created as part of a new organization creation will default to the Full Administrator Role
  • Users that are invited to an existing org will default to the Read Only Role, however, during the invite process, users can specify an RBAC role for the newly invited user
  • Users cannot modify their own RBAC Role or assigned Server Groups, even if they are a Full Administrator
  • As part of the initial migration, all users will be assigned the Full Administrator role
  • Users provisioned through SAML are created with a default Read Only Role

Org Preference

  • By default, RBAC will be disabled for all orgs
  • In order to enable RBAC, reach out to support@automox.com
  • RBAC will be available for plans above Basic
Have more questions? Submit a request

0 Comments

Please sign in to leave a comment.