With the release of the New Alert Logic Console Universal Navigation comes role-based access controls, which provide a unified way to manage authorization of and access controls for users. The addition of role-based access controls simplifies the management of user permissions in the Alert Logic® console.
This article provides you detailed information on the five user roles available, as well as how these roles map to the user permissions, so that you can knowledgeably choose the appropriate user roles for your team.
Note: The phrase "assigned account" below refers to your own Alert Logic account. This is the default account that you will land on after you log in with your Alert Logic credentials.
Note: The phrase "managed account" below refers to any accounts that may be attached to your assigned account. These are like 'child' accounts that you can switch into. Managed accounts are used by decentralized organizations that want clear segregation between business units or by service providers with multiple customers.
In This Article
The following are the user roles available within the Alert Logic console:
Note: Checking the Notification Target Only box when creating or editing a user will allow the user to receive notifications but not access the products.
- Administrator. The Administrator role allows you full management and read access on your assigned and managed accounts. This role is the only one that can create or delete users for both assigned and managed accounts. It also allows you to control features for your assigned and managed accounts.
- Use this role primarily for user management and sparingly for your master and super-user account.
- Owner. The Owner role allows full management and read access for the user account they are assigned, but do not have the ability to edit other user accounts. Owners also have full read and modify permissions to any managed accounts, including the ability to edit users on the managed accounts. Owner accounts cannot create or delete users in managed accounts.
- Use this role to delegate daily configuration management activities on your assigned and managed accounts that do not include user management.
- Power User. The Power User role is similar to the Owner role, but with view-only access to your managed accounts. You can do configuration management on your assigned account but can only view the information on your managed accounts - not change it. You cannot do any user management.
- Use this role to delegate configuration management activities on your assigned account, but not to delegate management of managed accounts or of users.
- Support/Care. The Support/Care role provides read access to your assigned and managed accounts.
- Use this role to delegate read access to your assigned and managed accounts for individuals that need to be able to support and troubleshoot on these accounts.
- Read Only. The Read Only user has read-only access to your assigned account and cannot view information on your managed accounts.
- Use this role if you want to delegate visibility to your assigned account but do not want any visibility on your managed accounts.
The table below gives you a visualized understanding of the privileges of each role. It is important to note while reviewing the privileges that you only have downstream access to your accounts. If your account is managed, none of these roles allow you to see within the accounts above yours.
|Administrator||Owner||Power User||Support/Care||Read Only|
|Full Access & User Management||X|
|Modify Managed Accounts||X||X|
|Modify Assigned Accounts||X||X||X|
|Read Managed Accounts||X||X||X||X|
|Read Assigned Accounts||X||X||X||X||X|
If none of the user roles laid out above seem to fit your needs, contact Alert Logic Support for additional guidance.