Role-based access control
Nobl9 supports role-based access control (RBAC) to ensure granular user permissions and access to resources in the Nobl9 platform.
Nobl9 RBAC features two levels of permissions: organization and project.
Role management is available in Nobl9 UI and with sloctl
using Role Binding.
Although the majority of operations a Nobl9 user can perform depends on their role, all users can do the following:
- Reset their passwords
Once a user clicks Forgot password, their status sets to Recovery and goes back to Active after the user submits their new password. - Generate access keys
User management
To access the list of users in your organization, go to Settings > Users.
You can search users by the following:
- User ID: search results appear only upon entering the full ID. Otherwise, no results are returned
- User email
- User first and last name
And filter the user list by:
- Status
- Organization roles
- Project roles
You cannot search users by project, role binding, and status.
User statuses
Users in your Nobl9 organization can have one of the following three statuses:
- Active: a user activated their Nobl9 account accepted the invitation and set their password. They can use Nobl9 according to roles and permissions assigned to them.
- Provisioned: a user was invited to your Nobl9 organization, but didn't accept the invitation yet. To gain access to Nobl9, according to their role, they must activate their account: set a password and select security question and picture.
- Deprovisioned: a user was deactivated by the admin.
The invitation link is valid for 30 days.
Depending on your Organization role, the options available for you differ. At maximum, an Organization admin can do the following:
- Add a user:
- 1. Click + Add userabove the list of users.
- 2. Fill in the user's information, considering every user must be assigned at least an organization role.
- ↪ Result: An invitation to join Nobl9 is automatically sent to the user.
- The status of the invited user is set to Provisioned.
- Once they accept the invitation, their status changes to Active.
- The organization role you assigned to them is applied upon their first login.
- Set the default role for their organization
- 1. Click Configure default role [2]. Select the required role.
- ↪ Result: The role you set is assigned to all new users in the organization at their first login to Nobl9.
- No changes are made to the existing user roles.
- Delete a user [3]:
- 1. Hover the cursor over their row in the Users list and click to the right.
- 2. Click Delete to confirm.
- ↪ Result: The user is permanently removed from the organization, along with their access keys.
- Their access to the Nobl9 UI and
sloctl
is revoked.
Click the required user to manage their roles and permissions. Under user details, you can find their email, user ID, status, and organization role.
Go to the Projects & roles and Organization roles tabs to handle the user's access to the required scope.
The Role origin column under the Projects & roles tab indicates where the role comes from.
Generally, the source of the Nobl9 project roles is your Nobl9 organization.
In the
- Assign a user to a project [1]:
- 1. Click + Assign project.
- 2. Select the required project and set the Project role for this user.
- To revoke user's access to a project, remove the required project in their row.
- You can also remove this user's project role under Catalog > Projects > the Users tab.
- Change the user's organization role [2]:
- 1. Go to Organization roles.
- 2. Click their role in the Organization role column.
- 3. Select the required role.
- Organization admins can manage project-level permissions for all projects
- Project owners can manage permissions for the projects they own
Removing yourself from a project permanently revokes your access to it. To restore the access, you will need to be re-added by an administrator. This applies to Organization admins as well.
Project management
Users can review and manage their projects in the Catalog section in the UI.
Under the Project tab, you can see the list of available projects.
Hover the cursor over the required project to edit or delete the project. Click it to open the project details.
Under the project details, you can access resources it encompasses. You can:
- Delete the resources and edit them using the resource wizards [1]
- Remove users from this project [2] under the Users tab
This section describes options available for the full permission set. Your available options depend on your Organization-level and Project-level role.
Default security status of projects in Nobl9
The default role for all new users in Nobl9 is Organization user (unless a different default role has been set for your organization). This role assumes that if you create a new project as an Organization admin, users who reside in your organization will not see this project in their project list (Catalog > Projects) or any SLOs related to this project.
Any project role allows the assigned users to view all resources this project holds.