Access control
Introduction to access control
Administrators can create access controls for roles within the system, determining which modules they can access and how they can interact with them (e.g. create, read, update, and delete). The system starts with certain default permissions, but these can be expanded or modified via the access control module.
Navigating to Administration > User Administration > Access Control opens the Manage Access Control page, which displays a list view of all existing access controls.
Table 1: List view contents
Columns | Description |
---|---|
Title | Title of the access control |
Type | Type of module the control is for. Types include: Config Items (administrative objects like data models and mappings); Views (reports and dashboards); System (system JSON and indexing); Data Models (data models like vulnerabilities or tickets). |
Operation | Access type the rule is for (e.g. create, read, update, delete). Operations are covered in detail below. |
Resource | The object that is the target of the permissions |
Roles | Roles that have this permission |
Active | Whether this permission is active. Inactive permissions are effectively archived. |
Operation types
Operations are the type of access a user will have to a particular module, like the ability to view or modify its contents.
Table 2: Operation types
Operation | Description |
---|---|
Create | Allows users to create new instances of objects of that resource type. |
Read | Allows users to view objects from that resource on list views, view individual instances of those objects (e.g. particular tickets or data sources), view those objects on relationship panels, and view data about those objects on reports, if they also have read access to reports. |
Update | Allows users to edit and save existing objects of that resource type. |
Delete | Allows users to delete existing objects of that resource type. |
Test Connection | Allows users to perform the "test connection" function. This function is specific to the creation of data sources from the administrative back-end. |
Manage | Allows users to perform the "re-index" function on the database. |
Trigger | Allows users to perform the "trigger now" function on notifications. |
Import | Allows users to perform the import function on system JSON from the administrative back-end. |
Export | Allows users to perform the export function on system JSON from the administrative back-end. |
Run | Allows users to run reports. |
Share | Allows users to share reports with others. |
Default access controls
Brinqa applications come with default roles and permissions. The tables below cover the permissions of Configurator, Risk Analyst, Security Analyst, and User roles. Administrators have complete access to all modules.
Configurator
Table 3: Configurator permissions
Permission | Resource |
---|---|
Create, Read, Update, Delete | Data Mapping |
Create, Read, Update, Delete | Data Model |
Create, Read, Update, Delete | Data Model Mapping |
Create, Read, Update, Delete | Data Server |
Create, Read, Update, Delete, Test Connection | Data Source |
Create, Read, Update, Delete | Data Source Rule |
Manage | Index |
Create, Read, Update, Delete | Mail Template |
Create, Read, Update, Delete, Trigger | Notification |
Create, Read, Update, Delete | Notification Script |
Create, Read, Update, Delete | Rule |
Create, Read, Update, Delete | Scheduled Notification |
Create, Read, Update, Delete | Scheduled Rule |
Create, Read, Update, Delete | Scheduled Sync |
Import, Export | Settings |
Create, Read, Update, Delete | Ticket Creation Rule |
Create, Read, Update, Delete | Ticket Closing Rule |
Create, Read, Update, Delete | Views |
Security Analyst
Table 4: Security Analyst permissions
Permission | Resource |
---|---|
Create, Read, Update, Delete | Access Control |
Create, Read, Update | Password Policy |
Create, Read, Update, Delete | Role |
Create, Read, Update, Delete | User |
Risk Analyst
Table 5: Risk Analyst permissions
Note
Risk Analysts have the User role as their parent, so they inherit its permissions in addition to those listed below.
Permission | Resource |
---|---|
Create, Update, Delete | Application |
Create, Update, Delete | Business Service |
Create, Read, Update, Delete | Business Unit |
Create, Read, Update, Delete | Company |
Create, Update, Delete | Component |
Read | Data Model |
Create, Read, Update, Delete | Department |
Create, Read, Update, Delete | Division |
Create, Update, Delete | Host |
Create, Update, Delete | Issue |
Create, Update, Delete | Issue Definition |
Create, Read, Update, Delete | Location |
Create, Read, Update, Delete, Run, Share | Report |
Create, Update, Delete | Ticket |
Read | User |
Update, Delete | Views |
Create, Update, Delete | Vulnerability |
Create, Update, Delete | Vulnerability Definition |
User
Table 6: User permissions
Note
Risk Analysts have the User role as their parent, so they inherit its permissions.
Permission | Resource |
---|---|
Read | Application |
Read | Business Service |
Read | Component |
Read | Host |
Read | Issue |
Read | Issue Definition |
Read | Ticket |
Read | Vulnerability |
Read | Vulnerability Definition |
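The following is an added example, not code from the product or its vendor: a small review helper that resolves a role's effective permissions from the defaults above, applying parent-role inheritance and skipping inactive controls, then lists which roles can modify access-management resources. The row layout, function names and the inactive row are constructed for illustration, and it assumes an inactive control grants nothing.

```python
# Constructed sample: a few default access controls from the tables above, as
# (operation, resource, role, active) rows. This layout is an assumption for
# the example, not an export format of the product.
CONTROLS = [
    ("Read", "Vulnerability", "User", True),
    ("Read", "Ticket", "User", True),
    ("Create", "Vulnerability", "Risk Analyst", True),
    ("Update", "Vulnerability", "Risk Analyst", True),
    ("Create", "Ticket", "Risk Analyst", False),  # constructed: set inactive
    ("Read", "User", "Risk Analyst", True),
    ("Create", "Access Control", "Security Analyst", True),
    ("Update", "Role", "Security Analyst", True),
    ("Delete", "User", "Security Analyst", True),
]
PARENTS = {"Risk Analyst": "User"}  # per the note: User is the parent role

# Write access to these resources lets a role change who can do what.
PRIVILEGE_RESOURCES = {"Access Control", "Role", "User", "Password Policy"}
WRITE_OPS = {"Create", "Update", "Delete"}


def role_chain(role, parents=PARENTS):
    """Return the role followed by its ancestors; reject inheritance cycles."""
    chain = []
    while role is not None:
        if role in chain:
            raise ValueError(f"role inheritance cycle at {role!r}")
        chain.append(role)
        role = parents.get(role)
    return chain


def effective_permissions(role, controls=CONTROLS, parents=PARENTS):
    """Active (operation, resource) pairs granted directly or via a parent."""
    chain = set(role_chain(role, parents))
    return {(op, res) for op, res, r, active in controls if active and r in chain}


def access_admin_grants(role, controls=CONTROLS, parents=PARENTS):
    """Effective write grants on access-management resources, sorted."""
    perms = effective_permissions(role, controls, parents)
    return sorted(p for p in perms
                  if p[0] in WRITE_OPS and p[1] in PRIVILEGE_RESOURCES)
```

Running `access_admin_grants` over every role after a change to access controls shows which roles, other than Administrators, can alter users, roles, or the controls themselves.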
Create a new access control
- Navigate to Administration > User Administration > Access Control
- Click Create Access Control
- Fill in the following and click Create:
Table 7: New access control properties
Columns | Description |
---|---|
Type | Type of module. Only data model type access controls can be created manually. |
Title | Title of the access control |
Description | Description of the access control |
Operation | Access type the rule is for (e.g. create, read, update, delete) |
Resource | The object that is the target of the permissions |
Roles | Roles that have this permission |
Active | Whether this permission is active. Inactive permissions are effectively archived. |
Edit or delete an access control
Existing access controls that were created manually can be edited or deleted by clicking the Actions button, which appears to the right of an entry when you hover over it in the list view. However, default access controls can only be edited, not deleted.
When editing default access controls, only the roles associated with them can be modified.