Role-based access control is used to manage the permissions of all Alert Logic users. Each user is assigned a single role, for example Administrator, that defines which actions are allowed and denied to that user. Access control is applied to all actions performed through the API and in the Alert Logic console, and to all actions performed by Alert Logic users.
This article provides detailed information on the five standard user roles available, as well as how these roles map to permissions, so that you can choose the appropriate user roles for your team.
Note: The phrase "assigned account" refers to your own Alert Logic account. This is the default account that you see when you log in with your Alert Logic credentials. The phrase "managed account" refers to any accounts that may be attached to your assigned account. These are also referred to as the 'child' accounts of the 'parent' that manages them. Managed accounts are used by decentralized organizations that want clear segregation between business units or by service providers with multiple customers.
User Roles
The following user roles are available within the Alert Logic console:
Note: Checking the Notification Target Only box when creating or editing a user will allow the user to receive notifications but not access the product.
- Administrator. The Administrator role allows you full configuration of your assigned and managed accounts. This role is the only one that can create, modify, or delete users for both assigned and managed accounts.
- Use this role primarily for user management.
- Owner. The Owner role allows configuration of the assigned and managed accounts. An Owner can create, modify, or delete users in managed accounts, but unlike the Administrator role, the Owner role cannot do so in the assigned account.
- Use this role to delegate daily configuration management activities on your assigned and managed accounts that do not include user management.
- Power User. The Power User role is similar to the Owner role, but with read-only access to managed accounts. A Power User can configure the assigned account but can only view the information in managed accounts. Power Users cannot create, update, or delete other users.
- Use this role to delegate configuration management activities on your assigned account, but not to delegate management of managed accounts or of users.
- Support/Care. The Support/Care role provides read-only access to your assigned and managed accounts.
- Use this role to view all data in your organization but not make any configuration changes.
- Read Only. The Read Only user has read-only access to your assigned account but no access to managed accounts.
- Use this role to allow viewing your assigned account only.
Mapping of Roles to User Permissions
The table below summarizes each role, based on the ability to view, configure, or manage users in the assigned and managed accounts.
Note: For more specific role-based permissions related to Cloud Defender entitlements, see the Role-Based Permissions in Alert Logic Cloud Defender knowledge base article.
| Role | View Data | Edit Configuration | Edit Users |
|---|---|---|---|
| Administrator | All accounts | All accounts | All accounts |
| Owner | All accounts | All accounts | Managed accounts only |
| Power User | All accounts | Assigned account only | |
| Support/Care | All accounts | | |
| Read Only | Assigned account only | | |
Note: A user can always manage their own user data - to reset passwords or change their subscription to notifications, for example.
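The role table above can be used as a least-privilege check when assigning roles. The following is an added example, not Alert Logic code, and it does not call any Alert Logic API: the permission sets are transcribed from the table, while the function names, the `(action, scope)` encoding and the sample users are hypothetical.

```python
# Added example: role matrix transcribed from the table on this page.
# Permissions are (action, scope) pairs; scope "assigned" is your own account,
# "managed" is any child account. Self-service (own password, own notification
# subscriptions) is always allowed per the page and is not modelled here.
ALL = {(a, s) for a in ("view", "config", "users") for s in ("assigned", "managed")}
VIEW_ALL = {("view", "assigned"), ("view", "managed")}

ROLES = {
    "Read Only": {("view", "assigned")},
    "Support/Care": VIEW_ALL,
    "Power User": VIEW_ALL | {("config", "assigned")},
    "Owner": VIEW_ALL | {("config", "assigned"), ("config", "managed"),
                         ("users", "managed")},
    "Administrator": ALL,
}

def least_privileged_role(needed):
    """Return the role with the fewest permissions that still covers `needed`."""
    needed = set(needed)
    unknown = needed - ALL
    if unknown:
        raise ValueError(f"unknown permission(s): {sorted(unknown)}")
    candidates = [r for r, granted in ROLES.items() if needed <= granted]
    return min(candidates, key=lambda r: len(ROLES[r]))

def audit(users):
    """Flag users whose assigned role grants more, or less, than they need."""
    findings = []
    for name, role, needed in users:
        needed = set(needed)
        best = least_privileged_role(needed)
        if not needed <= ROLES[role]:
            findings.append((name, role, best, "under-privileged"))
        elif best != role:
            findings.append((name, role, best, "over-privileged"))
    return findings

# Constructed sample data: (user, current role, permissions the job requires).
SAMPLE_USERS = [
    ("alice", "Administrator", {("users", "assigned"), ("users", "managed")}),
    ("bob", "Owner", {("view", "managed"), ("config", "assigned")}),
    ("carol", "Administrator", {("view", "assigned")}),
    ("dave", "Power User", {("config", "managed")}),
]

if __name__ == "__main__":
    for finding in audit(SAMPLE_USERS):
        print(finding)
```
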
Additional Support
If none of the user roles described above seem to fit your needs, contact Alert Logic Support for additional guidance.