Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Defense: Is it Possible to Prevent Users From Creating or Assigning RBAC Roles With All Permissions?

CB Defense: Is it Possible to Prevent Users From Creating or Assigning RBAC Roles With All Permissions?

Environment

  • CB Defense PSC Console: March '19 Release and later (0.45)

Question

Is it possible to prevent PSC Console users with Manage Roles and Manage Users permissions from creating or assigning a customized RBAC role that is assigned all permissions?

Answer

  • Yes. Because RBAC permissions are hierarchical in nature, users cannot assign or create roles that include permissions they do not have themselves
  • For example, a User that is assigned permission to Manage Roles and Users but not Connectors cannot assign permission to manage Connectors
  • That same User would also not be able to assign roles that include permission to manage Connectors

Related Content


Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎03-22-2019
Views:
362
Contributors