Roles
This article details the different roles options in the Security menu, including default roles, how to create a new role, and assign roles to users.
Introduction to roles
Users with the System administrator or Security administrator role can create and modify user roles in the system.
To manage roles, click Administration on the upper-right corner and under Security, select Roles. The Roles page displays a list view of the existing roles in the Brinqa Platform.
Default roles
The Brinqa Platform comes with several default roles, which can be deleted or modified as needed. The following table details the default roles in the Brinqa Platform:
Table 1: Default roles
Role | Description |
---|---|
Administrator | The administrator role grants read-only access to all data in the Brinqa Platform, without the ability to perform actions or modify configurations. |
Configurator | The configurator role has extensive access to the Brinqa Platform. The configurator role can create automations, clusters, risk scoring models, risk factors, and service-level agreements (SLA). However, this role does not include permissions to create, view, or modify access controls, data integrations, roles, security policies, or users. |
Remediation owner | The remediation owner role grants access to data through membership in a Remediation owners cluster or Informed users cluster. |
Risk analyst | The risk analyst role grants read-only access to specific data sets through clusters. Risk analysts can also participate in remediation requests as a requester or a reviewer. |
Risk owner | The risk owner role grants access to data through membership in a Risk owners cluster or Informed users cluster. |
Security administrator | The security administrator role can administer security policies with regards to user accounts and access control policies for roles. |
System administrator | The system administrator role has full access to the Brinqa Platform. |
User | The user role has read access to hosts, vulnerabilities, and tickets. This role does not have admin access. |
Access controls for default roles
The following table details some of the access controls associated with the default roles:
Table 2: Default access controls
Role | Object Type | Permission Allowed |
---|---|---|
Administrator | Indicators | Read |
Visualizations | Read | |
Reports | Read | |
Analytics source | Read | |
Configurator | Indicators | Read, Create, Update, Delete |
Visualizations | Read, Create, Update, Delete | |
Reports | Read, Create, Update, Delete | |
Analytics source | Read | |
Risk Analyst | Indicators | Read, Create, Update, Delete |
Visualizations | Read, Create, Update, Delete | |
Reports | Read | |
Analytics source | Read | |
System Administrator | Indicators | Read, Create, Update, Delete |
Visualizations | Read, Create, Update, Delete | |
Reports | Read, Create, Update, Delete | |
Analytics source | Read |
Create a new role
System administrators and Security administrators in the Brinqa Platform can create new roles. To do so, follow these steps:
-
Navigate to Administration > Security > Roles.
-
Click Create.
-
Fill out the Title, Name, Description, and Roles fields.
noteIf you select a role when you create a new role, the new role inherits all the permissions associated with the selected role.
-
Click Create.
The Roles page reloads and you should see your new role listed.
Assign roles to users
Users with the System administrator or Security administrator role can assign roles to users. To do so, follow these steps:
-
Navigate to Administration > Security > Users.
-
Select the user you want to assign the roles to.
-
Click the Roles drop-down and select the roles you want to assign to the user.
-
Click Update.
In addition to creating and assigning roles manually, the Brinqa Platform supports Just-In-Time (JIT) Provisioning with Microsoft Entra ID or Okta. This feature automatically creates user accounts and assigns appropriate roles in the Brinqa Platform based on their identities in these systems.
Edit or delete a role
Users with the System administrator or Security administrator role can edit or delete existing roles. Hold the pointer over the entry and click Edit or Delete to modify an existing role.