ETM Identity RBAC - Roles and Permissions
Overview
Role-Based Access Control (RBAC) in ETM Identity enables controlled access to UI features and backend APIs based on assigned roles and permissions. Users can perform actions only if the required permissions are granted.
View ETM Roles and Permissions
On the Role Management tab, create a role and related permissions. For more information, see Creating a Role and Managing Roles and Permissions.
Mandatory permissions: Roles created for ETM Identity must include both ETM Identity Access and ETM Identity UI Access. Roles missing either permission is not granted application access.
Role Summary
| Role | Best For | Access Level |
|---|---|---|
|
ETM Identity Manager |
Security leaders, admins |
Full access to all tabs and operations within the ETM Identity app, including write permissions |
|
ETM Identity Viewer |
Analysts, auditors |
Read access to all tabs within the ETM Identity app; write operations are not permitted. |
ETM Permissions (Application Access Permissions)
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| ETM Identity UI Access | Can log in and view the ETM Identity interface. | ✔ | ✔ |
| ETM Identity Internal API Access | Can access Internal API | ✔ | ✔ (Read Only) |
Base Access Requirements
- ETM Identity access
- ETM Identity UI access
- ETM Identity API access (for API interactions)
User Roles Comparison
The ETM Identity application has several access permissions that are assigned to each user role. The following table compares these permissions granted to the default user roles for ETM Identity:
ETM Identity Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| ETM Identity UI Access | Access ETM Identity | ✔ | ✔ |
| ETM Identity API Access | Access ETM Identity Internal | ✔ | ✔ (Read Only) |
Inventory Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View Tenant | Access tenant-level details and configurations. | ✔ | ✔ |
| View Policy | View defined security and governance policies | ✔ | ✔ |
| View Assets | View all the assets within the environment | ✔ | ✔ |
| View Groups | Access definitions and memberships | ✔ | ✔ |
| View Users | View user accounts and associated details | ✔ | ✔ |
| View Roles | Review role definitions and assigned permissions | ✔ | ✔ |
TruRisk Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View TruRisk Data | View TruRisk scoring and related risk insights | ✔ | ✔ |
Risk Management Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View Vulnerabilities | View identified vulnerabilities | ✔ | ✔ |
| View Misconfigurations | View details of detected misconfigurations | ✔ | ✔ |
| View ID Misconfigurations (Applicable for Non-UAI subscription) |
View identity-related misconfiguration | ✔ | ✔ |
| View Domain Trust Map | Visualize domain trust relationships and dependencies | ✔ | ✔ |
| View Attack Path | Analyze potential attack paths within the environment | ✔ | ✔ |
Configurations Permissions (Non-UAI)
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| Export ACS Data | Export ACS data for reporting or external use | ✔ | ✔ |
| Import/Export ACS Data | Import or export ACS data for data management and integration | ✔ | ✖ |
Monitoring Permissions
| Permission | Description | Manager | Viewer |
|---|---|---|---|
| View Alerts and Events | View generated security alerts for potential threats and incidents and event logs for monitoring and analysis purposes | ✔ | ✔ |
Additional Notes
- Viewer role does not have write or configuration privileges.
- Domain Trust Map (DTM) displays high-level relationships and is not filtered.
- UAI subscriptions support tag-based data filtering in addition to role permissions.
- Tab-level access control is supported only for non-UAI subscription users.