Lab 5: Role Permissions

Scenario

Most organizations use Role-Based Access Control (RBAC) to provide their employees with varying levels of access based on their roles and responsibilities. This protects sensitive data and ensures employees can only access information and perform actions they need to do their jobs. You’ll learn how to use Automation Config RBAC to define permission settings for multiple users at once, as permission settings for a role apply to all users included in the role.

Task A. Create User Role - SecOpsAdmins

  1. Click Administration > Roles from the side menu
  2. Click the +CREATE button at the bottom left hand corner
    • Enter the following details
      • Role Name = SecOpsAdmins
      • Check all Compliance & Vulnerability permissions
  3. Click SAVE button SecOpsRole

Task B. Role Permissings for SecOpsAdmins

  1. Click Resource Access tab
  2. Click Show all targets slider button
  3. Select Read Only for the following targets: Ubuntu
  4. Click SAVE button at the bottom SecOpsRole

Task C. Create User and Assign SecOpsAdmins Role

  1. Click Administration > Local Users from the side menu
  2. Click the +CREATE button at the bottom left hand corner
    • Enter the following details
      • Username = SecOpsUser
      • Roles = SecOpsAmins
      • Password = VMware1!
      • Confirm password = VMware1!
  3. Click SAVE button SecOpsRole

Task D. Test SecOpsAdmins User Role

  1. Click on the username root at the top right hand corner
  2. Click the SIGNOUT button
  3. Enter the following details:
    • Username = SecOpsUser
    • Password = VMware1!
  4. Click the button LOG IN
  5. Click Targets
    • Note that this user can only see Ubuntu targets as per our role configuration
  6. Click Configurations
  7. Click Jobs
    • Note that there are no jobs to run, as this user is not allowed to run any jobs
  8. Click File Server
    • Note that Custom content is not visible, note the base directory is not visible
    • User does not have modify permission to the out of the box content in the sse directory
  9. Click through the Compliance and Vulnerability menus
    • You will notice SecOpsUser has full access as per our role configuration. However scans can only be run against the target groups Ubuntu target as per our role configuration

Task E. Re-Login as Lab User

  1. Click SecOpsUser at the top right hand corner
  2. Click SIGNOUT
  3. Enter the following details:
    • Username = root
    • Password = VMware1!
  4. Click the button LOG IN

🏆 You may also setup users and RBAC roles with Active Directory authentication rather than local users