Access control

Introduction to access control

Administrators can create access controls for roles within the system, determining which modules they can access and how they can interact with them (e.g. create, read, update, and delete). The system starts with certain default permissions, but these can be expanded or modified via the access control module.

Navigate to Administration > User Administration > Access Control to open the Manage Access Control page, which displays a list view of all existing access controls.

Table 1: List view contents

| Columns | Description |
| --- | --- |
| Title | Title of the access control |
| Type | Type of module the control is for. Types include: Config Items (administrative objects like data models and mappings); Views (reports and dashboards); System (system JSON and indexing); Data Models (data models like vulnerabilities or tickets) |
| Operation | Access type the rule is for (e.g. create, read, update, delete). Operations are covered in detail below. |
| Resource | The object that is the target of the permissions |
| Roles | Roles that have this permission |
| Active | Whether this permission is active. Inactive permissions are effectively archived. |

Operation types

Operations are the type of access a user will have to a particular module, like the ability to view or modify its contents.

Table 2: Operation types

| Operation | Description |
| --- | --- |
| Create | Allows users to create new instances of objects of that resource type. |
| Read | Allows users to view objects from that resource on list views, view individual instances of those objects (e.g. particular tickets or data sources), view those objects on relationship panels, and view data about those objects on reports, if they also have read access to reports. |
| Update | Allows users to edit and save existing objects of that resource type. |
| Delete | Allows users to delete existing objects of that resource type. |
| Test Connection | Allows users to perform the "test connection" function. This function is specific to the creation of data sources from the administrative back-end. |
| Manage | Allows users to perform the "re-index" function on the database. |
| Trigger | Allows users to perform the "trigger now" function on notifications. |
| Import | Allows users to perform the import function on system JSON from the administrative back-end. |
| Export | Allows users to perform the export function on system JSON from the administrative back-end. |
| Run | Allows users to run reports. |
| Share | Allows users to share reports with others. |

Default access controls

Brinqa applications come with default roles and permissions. The tables below cover the permissions of Configurator, Risk Analyst, Security Analyst, and User roles. Administrators have complete access to all modules.

Configurator

Table 3: Configurator permissions

| Permission | Resource |
| --- | --- |
| Create, Read, Update, Delete | Data Mapping |
| Create, Read, Update, Delete | Data Model |
| Create, Read, Update, Delete | Data Model Mapping |
| Create, Read, Update, Delete | Data Server |
| Create, Read, Update, Delete, Test Connection | Data Source |
| Create, Read, Update, Delete | Data Source Rule |
| Manage | Index |
| Create, Read, Update, Delete | Mail Template |
| Create, Read, Update, Delete, Trigger | Notification |
| Create, Read, Update, Delete | Notification Script |
| Create, Read, Update, Delete | Rule |
| Create, Read, Update, Delete | Scheduled Notification |
| Create, Read, Update, Delete | Scheduled Rule |
| Create, Read, Update, Delete | Scheduled Sync |
| Import, Export | Settings |
| Create, Read, Update, Delete | Ticket Creation Rule |
| Create, Read, Update, Delete | Ticket Closing Rule |
| Create, Read, Update, Delete | Views |

Security Analyst

Table 4: Security Analyst permissions

| Permission | Resource |
| --- | --- |
| Create, Read, Update, Delete | Access Control |
| Create, Read, Update | Password Policy |
| Create, Read, Update, Delete | Role |
| Create, Read, Update, Delete | User |

Risk Analyst

Table 5: Risk Analyst permissions

Note

Risk Analysts have the User role as their parent, so they inherit its permissions in addition to those listed below.

| Permission | Resource |
| --- | --- |
| Create, Update, Delete | Application |
| Create, Update, Delete | Business Service |
| Create, Read, Update, Delete | Business Unit |
| Create, Read, Update, Delete | Company |
| Create, Update, Delete | Component |
| Read | Data Model |
| Create, Read, Update, Delete | Department |
| Create, Read, Update, Delete | Division |
| Create, Update, Delete | Host |
| Create, Update, Delete | Issue |
| Create, Update, Delete | Issue Definition |
| Create, Read, Update, Delete | Location |
| Create, Read, Update, Delete, Run, Share | Report |
| Create, Update, Delete | Ticket |
| Read | User |
| Update, Delete | Views |
| Create, Update, Delete | Vulnerability |
| Create, Update, Delete | Vulnerability Definition |

User

Table 6: User permissions

Note

Risk Analysts have the User role as their parent, so they inherit its permissions.

| Permission | Resource |
| --- | --- |
| Read | Application |
| Read | Business Service |
| Read | Component |
| Read | Host |
| Read | Issue |
| Read | Issue Definition |
| Read | Ticket |
| Read | Vulnerability |
| Read | Vulnerability Definition |
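
The parent-role inheritance noted for Risk Analyst and User, worked through as an added example (not Brinqa code or its API): a small Python model that resolves a role's effective permissions through its parent and lists which of them exist only because of the parent. The `AccessControl` record, the `PARENT` map and the inactive Vulnerability rule are constructed for illustration, and treating inactive controls as granting nothing is an assumption; the other rows are a subset of Tables 5 and 6.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class AccessControl:          # hypothetical record mirroring the list-view columns
    resource: str
    operations: frozenset
    roles: frozenset
    active: bool = True

def ac(resource, ops, roles, active=True):
    return AccessControl(resource, frozenset(ops.split(", ")), frozenset(roles), active)

PARENT = {"Risk Analyst": "User"}   # parent link stated on the page

CONTROLS = [                         # subset of Tables 5 and 6
    ac("Host", "Read", ["User"]),
    ac("Host", "Create, Update, Delete", ["Risk Analyst"]),
    ac("Ticket", "Read", ["User"]),
    ac("Ticket", "Create, Update, Delete", ["Risk Analyst"]),
    ac("Report", "Create, Read, Update, Delete, Run, Share", ["Risk Analyst"]),
    ac("Vulnerability", "Read", ["User"]),
    ac("Vulnerability", "Delete", ["User"], active=False),  # constructed inactive rule
]

def role_chain(role, parents=PARENT):
    """Role followed by its ancestors; stops if a parent loop is found."""
    chain = []
    while role is not None and role not in chain:
        chain.append(role)
        role = parents.get(role)
    return chain

def effective_permissions(role, controls=CONTROLS, parents=PARENT):
    """Resource -> operations granted by active controls, directly or via a parent."""
    chain = set(role_chain(role, parents))
    perms = {}
    for c in controls:
        if c.active and chain & c.roles:   # assumption: inactive controls grant nothing
            perms.setdefault(c.resource, set()).update(c.operations)
    return perms

def inherited_only(role, controls=CONTROLS, parents=PARENT):
    """Operations the role holds only through a parent; editing the parent changes them."""
    direct = effective_permissions(role, controls, parents={})
    full = effective_permissions(role, controls, parents)
    gaps = {res: ops - direct.get(res, set()) for res, ops in full.items()}
    return {res: ops for res, ops in gaps.items() if ops}

if __name__ == "__main__":
    print(effective_permissions("Risk Analyst"))
    print(inherited_only("Risk Analyst"))
```

Reviewing `inherited_only` before changing the roles on a User access control shows which Risk Analyst permissions would change with it.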

Create a new access control

  1. Navigate to Administration > User Administration > Access Control
  2. Click Create Access Control
  3. Fill in the following and click Create:

Table 7: New access control properties

| Columns | Description |
| --- | --- |
| Type | Type of module. Only data model type access controls can be created manually. |
| Title | Title of the access control |
| Description | Description of the access control |
| Operation | Access type the rule is for (e.g. create, read, update, delete) |
| Resource | The object that is the target of the permissions |
| Roles | Roles that have this permission |
| Active | Whether this permission is active. Inactive permissions are effectively archived. |

Edit or delete an access control

Existing access controls that were created manually can be edited or deleted by clicking the Actions button that appears to the right when you hover over the entry in the list view. However, default access controls can only be edited, not deleted.

When editing default access controls, only the roles associated with them can be modified.