Role-based Access Control (RBAC) allows you to create roles and give them access and permissions as an Administrator or a General user. These roles ensure that no one has access to information without appropriate privileges. Access controls can be applied at both broad and granular levels.
Administrators can define the role of new users, such as General User, or create other Admin Users. They can assign scopes to users and allow or restrict user access. Admin Users have the privileges to change user permissions and can allow or revoke the access of a mapped user.
Creating logical partitions for your data and users using scope
The DNIF datastore is where all the data is indexed. It is usually located within the organization’s network, secure from external threats and ready to respond with low latency. Multiple datastores can be set up to provide horizontal scalability.
The DNIF Datastore is further logically partitioned into multiple scopes. Each scope can hold data that needs to be segregated. For example, an organization might be working with data that originates from different device types, departments or application groups and requires a segregated user base.
As another example, your organization could have multiple business units with different security teams. These teams use the same platform and infrastructure to analyze events originating from their devices. They can use different scopes to segregate their devices and can set up access so that every user of a scope is limited to querying events from devices tagged with their respective scopes only.
Managed Security Service Providers (MSSP) could use different scope names to partition data from different customers. This data is stored in logically different containers and provides segregated Role-based Access Control (RBAC).
Scopes are logical partitions within the datastore and there can be multiple scopes within a single datastore.
- Role management defines the scope-wise access level settings and their respective boundaries.
- Scope administrators can monitor, manage, restrict or allow all user level privileges.
- Scope can be defined on Access Levels: a user can have access to zero, some or all of the scopes as per the requirement.
- Example: A user group of administrators can have access to all the scopes in the enterprise.
- Each scope will have the following entities to itself and cannot be accessed without the right privileges.
- The Scope Admin can allow / deny users the following views:
|View|Description|
|---|---|
|Connections|Users with Connections access can establish connections with the datastores listed and search for logs on the basis of a particular datastore.|
|Dashboard|Users with Dashboard access can view different widgets in a single place, which provides a specific way for a user to interact with DNIF.|
|Devices|Users with a Devices view can add devices to DNIF.|
|Event Store|Users with Event Store access can manually upload logs and do a retrospective analysis on this data. They can also search, make reports and visualize data on a dashboard.|
|Inbox|Users with an Inbox view can have access to all the triggered events.|
|Notif Group|Users with Notif Group access can map email addresses to a group. It is similar to contact groups in Gmail. An analyst can trigger modules and incidents from a filtered dataset. The directive can also be used for sending instant notifications or alerts based on the insights gathered from the data.|
|Repository|Users with access to the Repository will have access to all the packages and their purpose.|
|Search|Users with Search access can search through the data gathered and collated by DNIF.|
|Usage|Users with a Usage view can monitor data usage trends for the last quarter (90 days).|
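
The following is an added illustration of how scope membership and per-view grants combine into a deny-by-default check; it is not DNIF's own code or API. The view names come from the table above, while the user names, scope names (`retail`, `banking`) and event fields are constructed for the example.

```python
from dataclasses import dataclass, field

# View names taken from the table above; everything else is a constructed model.
VIEWS = {"Connections", "Dashboard", "Devices", "Event Store", "Inbox",
         "Notif Group", "Repository", "Search", "Usage"}

@dataclass(frozen=True)
class User:
    name: str
    # scope name -> set of views the Scope Admin has allowed in that scope
    grants: dict = field(default_factory=dict)

def can_use(user, scope, view):
    """Deny by default: an unmapped scope or a missing grant both fail."""
    if view not in VIEWS:
        raise ValueError(f"unknown view: {view}")
    return view in user.grants.get(scope, set())

def search(user, events, predicate=lambda e: True):
    """Return matching events only from scopes where the user holds Search."""
    allowed = {s for s in user.grants if can_use(user, s, "Search")}
    return [e for e in events if e["scope"] in allowed and predicate(e)]

def revoke(user, scope, view=None):
    """Admin action: remove one view, or the whole scope mapping if view is None."""
    grants = {s: set(v) for s, v in user.grants.items()}
    if view is None:
        grants.pop(scope, None)
    elif scope in grants:
        grants[scope].discard(view)
    return User(user.name, grants)

# Constructed sample events, each tagged with the scope of its source device.
EVENTS = [
    {"scope": "retail", "device": "fw-01", "action": "deny"},
    {"scope": "retail", "device": "vpn-02", "action": "login"},
    {"scope": "banking", "device": "db-07", "action": "login"},
]
# Constructed users: an analyst with Search in one scope only, and an
# administrator mapped to every scope with every view.
analyst = User("asha", {"retail": {"Search", "Dashboard"}, "banking": {"Dashboard"}})
admin = User("root", {"retail": set(VIEWS), "banking": set(VIEWS)})

if __name__ == "__main__":
    print(search(analyst, EVENTS))  # retail events only
    print(search(revoke(analyst, "retail", "Search"), EVENTS))  # nothing
```

Holding Dashboard in `banking` does not let the analyst query `banking` events: the scope mapping and the view grant must both be present.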
RBAC is a fundamental aspect of identity and access management, and it enforces custom-made security for each enterprise. It streamlines the administration process and reduces the overall production cost and timelines.