¶ Introduction
The Admin Console is a critical component of a Secure Access Service Edge (SASE) deployment, enabling administrators to manage all operations efficiently. This document outlines Role-Based Access Control (RBAC), including role definitions and the process of assigning roles to users. By configuring RBAC, administrators can grant users either full or limited access based on predefined roles.
¶ Scope of This Document
This guide covers the following topics:
Granting Full Admin Access
- Provides users with unrestricted access to the Admin Console.
- Users can perform all administrative operations.
Granting Read-Only Access
- Provides users with view-only permissions in the Admin Console.
- Users can access dashboards and data but cannot make changes.
Granting Custom Limited Access
- Assigns users a custom role with restricted access.
- Users can perform only the operations allowed within the defined role scope.
Change Access Role to User
Remove Access Role to User
By following this guide, administrators can effectively manage user permissions, ensuring security and operational efficiency within the SASE environment.
¶ Scope of This Document
When a workspace is created, two default RBAC roles —admin and readonly—are automatically generated, as shown below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Roles
MSP admin shall identify the users to be part of admin or readonly roles and can assign them accordingly by following below steps.
¶ 1. Granting Full Admin Access
Follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Users and Click on Assign User Role
- Select User from dropdown and select admin Role from dropdown
- Click on Save as shown below
User is assigned to admin role. When user logs in next time, he will have full admin access.
¶ 2. Granting Read-Only Access
Follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Users and Click on Assign User Role
- Select User from dropdown and select readonly Role from dropdown
- Click on Save as shown below
User is assigned to readonly role. When user logs in next time, he will have limited read only access.
¶ 3. Granting Custom Limited Access
¶ 3.1 Create Custom Role
Follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Roles and Click on Add Role
- Enter Role Name and select either Edit, View or no permission for each section
- Click on Save as shown below
¶ 3.2 Assign Custom Role to User
- Navvigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Users and Click on Assign User Role
- Select User from dropdown and select the Role (created on section 3.1) from dropdown
- Click on Save as shown below
User is assigned to the selected role. When user logs in next time, he will have access to different sections based on role definition.
¶ 4. Change Access Role to User
Follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Users tab
- Click on Name of the user for whom role has to be changed
- Change the Role from dropdown
- Click on Update as shown below
User is unassigned from previous role and assigned to new role. When user logs in next time, he will have access to different sections based on new role definition.
¶ 4. Remove Access to User
Follow the steps below.
- Navigate to the MSP admin console -> Client Workspace
- Click on Users and Devices in the left menu bar and then click on Groups
- Click on Admin Console Users tab
- Click on Un-Assign Role action against the user
- On Confirmation dialogue, Click on OK
User is unassigned from the role. When user logs in next time, he will not have access to sections based on role definition.
In case you encounter any issues or need assistance during the offboarding process, our dedicated Exium support team is available to help. Feel free to reach out to us at support@exium.net, and we will be more than happy to assist you every step of the way.