Users and Roles
An account can have multiple users, and each user has a role that defines what they can see and do. When a new account is created, the first user has the admin role, which allows that user to create and manage additional users for the account.
User roles and descriptions
The following user roles are available:
Role | Description |
---|---|
admin | admin users have full access to the account and can also manage other users and their access. |
platform | platform users can access all other resources, including Compliance, Inventory Report, and Policies, but cannot manage users. |
security | security users can view the Policy Report and manage Policy Exceptions. They have the privilege to review Policy Exception requests and have access to Compliance, Clusters, and Repositories, but cannot manage users. |
devops | devops users are the least privileged users. A devops user can view the Policy Report and create Policy Exceptions. They do not have access to Compliance or the Inventory Report, and cannot manage users. |
Configuring user roles and permissions
Identity & Access Management (IAM) lets you add users, set user privileges, group users in teams, and set up access methods such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and Multi-Factor Authentication (MFA).
IAM lets you configure:
- Users and Roles
- Teams
- OpenID Connect based authentication
- Multi-factor authentication
- Granular IAM
- Security Assertion Markup Language (SAML) based authentication