Configure Role-Based Access
Access control provides a role-based system to authenticate users in BeyondInsight for Unix & Linux (BIUL). Users are assigned roles based on the level of access they need to do their BIUL job functions.
Areas in the console require certain permissions. If a user is not assigned those permissions, then they cannot access those features in the console. For example, the policyadmin role is required for an authenticated user to interact with policy.
Roles can be assigned to either a user account or a group.
The account created during the first run wizard is assigned the sysadmin role. This role has full privileges in the system.
The following roles are available:
- sysadmin: All roles; can do everything
- policyadmin: Full access to policy management
- softwareadmin: Full access to software management (deploy software, remove, etc.)
- auditor: Full access to log features
- accountadmin: Full access to controlling console access
- apiuser: Full access to using the public REST API
Full access to the entitlement gives the user or group the following permission attributes: create, view, update, and delete.
You can assign roles in two ways:
- On the Settings > Console Access > Users page. Provision roles on the details page for users and groups.
- On the Settings > Roles > Users page. See the following sections for details.
For more information on provisioning roles for users, see Assign a Role to a User Account.
Assign a Role to User Accounts
- Click Settings > Roles.
- Select a role from the list.
- Click the Users tab.
- Click the Users without this role button to see users that do not currently have this role.
- Check the boxes for users you want to add.
- Click Add Selected Users.
Assign a Role to Groups
- Select Settings > Roles.
- Select a role from the list.
- Click the Groups tab.
- Click the Groups without this role button to see groups that do not currently have this role.
- Check the boxes for groups you want to add.
- Click Add Selected Groups.
