RBAC (Role-Based Access Control)
Role-Based Access Control (RBAC) is a cornerstone of modern access management, ensuring that users have the exact permissions they need—no more, no less. Escape's RBAC features allow organizations to meticulously define roles and fine-grained permissions, ensuring robust security, streamlined operations, and maximized productivity.
Escape's RBAC settings are available under the "Organization" settings and at the "Application" settings level.
Core Roles
Escape defines roles via a mapping between features and CRUD permissions for each feature. The following are the core features that can be configured in Escape:
- Applications: Applications created from discovered endpoints in the inventory, with their scan configurations and scan results.
- Inventory: The Escape inventory, built from the endpoints discovered via integrations and crawling.
- Integrations: All the integrations that are configured in Escape to discover and enrich your organizational context.
- Reporting: Your organizational dashboard to visualize the data from the inventory and the applications, your progress and security posture.
- Notifications: Your configured notification workflows, and the history of the triggered notifications.
RBAC Table
Feature | Administrator | Editor | Viewer | None |
---|---|---|---|---|
All Applications | Allow users to perform all application and scan operations | Allow users to browse all scan results, start scans, update configurations | Allow users to browse all scan results | No access |
Inventory | Allow users to perform all inventory operations | Allow users to browse the inventory, update endpoints data, set labels | Allow users to browse the inventory and view endpoints data | No access |
Integrations | Allow users to perform all operations including create, read, update, delete | N/A | N/A | No access |
Reporting | Allow users to perform all operations including create, read, update, delete | N/A | N/A | No access |
Notifications | Allow users to perform all notification operations | Allow users to create, update and delete custom notification workflows | Allow users to view custom notification workflows | No access |
Fine-Grained Application Permissions
Beyond the core roles, Escape provides the flexibility to define permissions at the granular application level. This ensures that users or business units can be restricted or permitted to specific applications, aligning with their job responsibilities and the principle of least privilege.
To configure these permissions, select a role for each application.
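The following added example (not Escape's code or API) models the RBAC table and per-application roles locally, so a planned set of role assignments can be checked before it is applied. The action names, the `validate`, `effective_role` and `is_allowed` helpers, the sample user, and the rule that a per-application role takes precedence over the "All Applications" role are assumptions made for illustration.

```python
# Added illustration: a local model of the RBAC table above, not Escape's API.
# Action names are constructed labels paraphrasing the table cells.
# Roles the table marks N/A for a feature simply have no entry.
TABLE = {
    "Applications": {
        "Viewer": {"browse_results"},
        "Editor": {"browse_results", "start_scan", "update_config"},
        "Administrator": {"*"},
    },
    "Inventory": {
        "Viewer": {"browse", "view_endpoint"},
        "Editor": {"browse", "update_endpoint", "set_label"},
        "Administrator": {"*"},
    },
    "Integrations": {"Administrator": {"*"}},
    "Reporting": {"Administrator": {"*"}},
    "Notifications": {
        "Viewer": {"view_workflow"},
        "Editor": {"create_workflow", "update_workflow", "delete_workflow"},
        "Administrator": {"*"},
    },
}

def validate(features):
    """Return errors for roles the table marks N/A (e.g. Editor on Integrations)."""
    return [f"{feature}: role {role} is N/A"
            for feature, role in features.items()
            if role != "None" and role not in TABLE.get(feature, {})]

def effective_role(user, app=None):
    # Assumption: a per-application role, when set, takes precedence over the
    # role granted on "All Applications".
    default = user["features"].get("Applications", "None")
    return user.get("apps", {}).get(app, default)

def is_allowed(user, feature, action, app=None):
    if feature == "Applications":
        role = effective_role(user, app)
    else:
        role = user["features"].get(feature, "None")
    granted = TABLE[feature].get(role, set())  # "None" or N/A role: deny by default
    return "*" in granted or action in granted

# Constructed sample: no access to applications in general, Editor on one app.
ALICE = {
    "features": {"Applications": "None", "Inventory": "Viewer", "Integrations": "Editor"},
    "apps": {"payments-api": "Editor"},
}
```

Running `validate(ALICE["features"])` flags the Integrations assignment, since the table offers only Administrator or None for that feature.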