Skip to main content

Role-based access control

Reading time: 0 minute(s) (0 words)

Nobl9 supports role-based access control (RBAC) to ensure granular user permissions and access to resources in the Nobl9 platform.

Nobl9 RBAC features two levels of permissions: organization and project. Role management is available in Nobl9 UI, with sloctl using Role Binding or via the Nobl9 Terraform provider.

Although the majority of operations a Nobl9 user can perform depends on their role, all users can do the following:

  • Reset their passwords
    Once a user clicks Forgot password, their status sets to Recovery and goes back to Active after the user submits their new password.
  • Generate access keys

User management

Organization admins can set the default role for their organization.
To do this this, go to Settings > Access Controls [1], click Configure Default Role, and select the required role. Once set, the default role is displayed next to Configure Default Role. Further, this role is assigned to all new users in the organization at their first login to the Nobl9 app.

Access Controls is the place for granular user management. The widest set of options is available for Organization admins. Project owners can perform user management in terms of projects they own.

Access controls
Access controls
Add a user:
1. Click above the list of users.
2. Fill in the user's information, considering every user must be assigned at least an organization role.
Result: An invitation to join Nobl9 is automatically sent to the user.
The status of the invited user is set to Pending.
The organization role you assigned to them is applied upon their first login.
Once the user accepts the invitation, their status changes to Active.
Delete a user [2]:
1. Hover the cursor over their row in the Users list and click plus button to the right.
2. Click Delete to confirm.
Result: The user is permanently removed from the organization, along with their access keys.
Their access to the Nobl9 UI and sloctl is revoked.
Suspend a user [3]:
1. Click the status of the required user in the Users list
2. Select Suspended.
Result: The user's access to the Nobl9 UI and sloctl is temporarily locked and their access keys are deactivated.
Their record is kept in the database, and they can be reactivated at any time.
Change the user's organization role [4]:
Select the required role in the list under the Organization Role column.
Assign a user to a project [5]:
1. Click project to the right in their row.
2. Select the required project and set the Project role for this user.
When the required user has access to several projects, the information about their roles and projects is folded, and you see only the number of their roles and projects.
3. Unfold their details [6] to proceed.
To revoke user's access to a project, remove the required project in their row.
Permission management
  • Organization admins can manage project-level permissions for all projects
  • Project owners can manage permissions for the projects they own
warning

Removing yourself from a project permanently deletes your access. You will need to be re-added by an administrator if you wish to restore access to it. This applies to Organization admins as well since they cannot edit their own permissions.

Project management

Users can review and manage their projects in the Catalog section in the UI.

Under the Project tab, you see the list of available projects.

Hover the cursor over the required project to edit or delete the project. Click it to open the project details.

Under the project details, you can access resources it encompasses. You can:

  • Delete the resources and edit them using the resource wizards [1]
  • Remove users from this project [2] under the Users tab
Managing project resources
Project resource management
The list of options you see may be incomplete

This section describes options available for the full permission set. Your available options depend on your Organization and Project role.

Default security status of projects in Nobl9

The default role for all new users in Nobl9 is Organization user (unless a different default role has been set for your organization). This role assumes that if you create a new project as an Organization admin, users who reside in your organization will not see this project in their project list (Catalog > Projects) or any SLOs related to this project.

Any project role allows the assigned users to view all resources this project holds.