Skip to main content

Roles

This article details the different roles options in the Security menu, including default roles, how to create a new role, and assign roles to users.

Introduction to roles

Users with the System administrator or Security administrator role can create and modify user roles in the system.

To manage roles, click Administration admin-button on the upper-right corner and under Security, select Roles. The Roles page displays a list view of the existing roles in the Brinqa Platform.

Default roles

The Brinqa Platform comes with several default roles, which can be deleted or modified as needed. The following table details the default roles in the Brinqa Platform:

Table 1: Default roles

RoleDescription
AdministratorThe administrator role grants read-only access to all data in the Brinqa Platform, without the ability to perform actions or modify configurations.
ConfiguratorThe configurator role has extensive access to the Brinqa Platform. The configurator role can create automations, clusters, risk scoring models, risk factors, and service-level agreements (SLA). However, this role does not include permissions to create, view, or modify access controls, data integrations, roles, security policies, or users.
Data exporterThe data exporter role grants permissions to download data from list views and access the GraphQL Explorer. This role only grants export privileges. To grant access to the relevant data, you must assign additional roles to the same user, such as Administrator, Remediation owner, or Risk owner.
System administrators can export data without needing the data exporter role assigned to them.
Remediation ownerThe remediation owner role grants access to data through membership in a Remediation owners cluster or Informed users cluster. Users with this role can see data in the Remediation owner dashboard.
Risk analystThe risk analyst role grants read-only access to specific data sets through clusters. Risk analysts can also participate in remediation requests as a requester or a reviewer.
Risk ownerThe risk owner role grants access to data through membership in a Risk owners cluster or Informed users cluster. Users with this role can see data in the Risk owner dashboard.
Security administratorThe security administrator role can administer security policies with regards to user accounts and access control policies for roles.
System administratorThe system administrator role has full access to the Brinqa Platform.
UserThe user role has read access to hosts, vulnerabilities, and tickets. This role does not have admin access.

Access controls for default roles

The following table details some of the access controls associated with the default roles:

Table 2: Default access controls

RoleObject TypePermission Allowed
AdministratorIndicatorsRead
VisualizationsRead
ReportsRead
Analytics sourceRead
ConfiguratorIndicatorsRead, Create, Update, Delete
VisualizationsRead, Create, Update, Delete
ReportsRead, Create, Update, Delete
Analytics sourceRead
Risk AnalystIndicatorsRead, Create, Update, Delete
VisualizationsRead, Create, Update, Delete
ReportsRead
Analytics sourceRead
System AdministratorIndicatorsRead, Create, Update, Delete
VisualizationsRead, Create, Update, Delete
ReportsRead, Create, Update, Delete
Analytics sourceRead

Create a new role

System administrators and Security administrators in the Brinqa Platform can create new roles. To do so, follow these steps:

  1. Navigate to Administration admin-button > Security > Roles.

  2. Click Create.

  3. Fill out the Title, Name, Description, and Roles fields.

    note

    If you select a role when you create a new role, the new role inherits all the permissions associated with the selected role.

  4. Click Create.

The Roles page reloads and you should see your new role listed.

Assign roles to users

Users with the System administrator or Security administrator role can assign roles to users. To do so, follow these steps:

  1. Navigate to Administration admin-button > Security > Users.

  2. Select the user you want to assign the roles to.

  3. Click the Roles drop-down and select the roles you want to assign to the user.

  4. Click Update.

In addition to creating and assigning roles manually, the Brinqa Platform supports Just-In-Time (JIT) Provisioning with Microsoft Entra ID or Okta. This feature automatically creates user accounts and assigns appropriate roles in the Brinqa Platform based on their identities in these systems.

Edit or delete a role

Users with the System administrator or Security administrator role can edit or delete existing roles. Hold the pointer over the entry and click Edit or Delete to modify an existing role.