Skip to main content

Role-based access control

Reading time: 0 minute(s) (0 words)

Nobl9 supports role-based access control (RBAC) to ensure granular user permissions and access to resources in the Nobl9 platform.

Nobl9 RBAC features two levels of permissions: organization and project.
Role management is available in Nobl9 UI and with sloctl using Role Binding.

Although the majority of operations a Nobl9 user can perform depends on their role, all users can do the following:

  • Reset their passwords
    Once a user clicks Forgot password, their status sets to Recovery and goes back to Active after the user submits their new password.
  • Generate access keys

User management

To access the list of users in your organization, go to Settings > Users.

You can search users by the following:

  • User ID: search results appear only upon entering the full ID. Otherwise, no results are returned
  • User email
  • User first and last name

And filter the user list by:

  • Status
  • Organization roles
  • Project roles
note

You cannot search users by project, role binding, and status.

User statuses

Users in your Nobl9 organization can have one of the following three statuses:

  • Active: a user activated their Nobl9 account accepted the invitation and set their password. They can use Nobl9 according to roles and permissions assigned to them.
  • Provisioned: a user was invited to your Nobl9 organization, but didn't accept the invitation yet. To gain access to Nobl9, according to their role, they must activate their account: set a password and select security question and picture.
  • Deprovisioned: a user was deactivated by the admin.
note

The invitation link is valid for 30 days.

Depending on your Organization role, the options available for you differ. At maximum, an Organization admin can do the following:

Add a user:
1. Click
+ Add user
above the list of users.
2. Fill in the user's information, considering every user must be assigned at least an organization role.
Result: An invitation to join Nobl9 is automatically sent to the user.
The status of the invited user is set to Provisioned.
Once they accept the invitation, their status changes to Active.
The organization role you assigned to them is applied upon their first login.
Set the default role for their organization
1. Click Configure default role [2]. Select the required role.
Result: The role you set is assigned to all new users in the organization at their first login to Nobl9.
No changes are made to the existing user roles.
Delete a user [3]:
1. Hover the cursor over their row in the Users list and click plus button to the right.
2. Click Delete to confirm.
Result: The user is permanently removed from the organization, along with their access keys.
Their access to the Nobl9 UI and sloctl is revoked.
User management
User management

Click the required user to manage their roles and permissions. Under user details, you can find their email, user ID, status, and organization role.

Go to the Projects & roles and Organization roles tabs to handle the user's access to the required scope.

Role origin

The Role origin column under the Projects & roles tab indicates where the role comes from.

Generally, the source of the Nobl9 project roles is your Nobl9 organization. In the

edition, you can leverage your third party identity management solution for user group management. This lets you create user groups within the third party system and efficiently assign Nobl9 platform roles to multiple users at once.

Assign a user to a project [1]:
1. Click
+ Assign project
.
2. Select the required project and set the Project role for this user.
To revoke user's access to a project, remove the required project in their row.
You can also remove this user's project role under Catalog > Projects > the Users tab.
Change the user's organization role [2]:
1. Go to Organization roles.
2. Click their role in the Organization role column.
3. Select the required role.
User details
Assigning a project and changing the organization role
Permission management
  • Organization admins can manage project-level permissions for all projects
  • Project owners can manage permissions for the projects they own
warning

Removing yourself from a project permanently revokes your access to it. To restore the access, you will need to be re-added by an administrator. This applies to Organization admins as well.

Project management

Users can review and manage their projects in the Catalog section in the UI.

Under the Project tab, you can see the list of available projects.

Hover the cursor over the required project to edit or delete the project. Click it to open the project details.

Under the project details, you can access resources it encompasses. You can:

  • Delete the resources and edit them using the resource wizards [1]
  • Remove users from this project [2] under the Users tab
Managing project resources
Project resource management
The list of options you see may be incomplete

This section describes options available for the full permission set. Your available options depend on your Organization-level and Project-level role.

Default security status of projects in Nobl9

The default role for all new users in Nobl9 is Organization user (unless a different default role has been set for your organization). This role assumes that if you create a new project as an Organization admin, users who reside in your organization will not see this project in their project list (Catalog > Projects) or any SLOs related to this project.

Any project role allows the assigned users to view all resources this project holds.