ETM Identity RBAC - Roles and Permissions

Overview

Role-Based Access Control (RBAC) in ETM Identity enables controlled access to UI features and backend APIs based on assigned roles and permissions. Users can perform actions only if the required permissions are granted.

View ETM Roles and Permissions

On the Role Management tab, create a role and related permissions. For more information, see Creating a Role and Managing Roles and Permissions.

Mandatory permissions: Roles created for ETM Identity must include both ETM Identity Access and ETM Identity UI Access. Roles missing either permission is not granted application access.

Role Summary

Role Best For Access Level

ETM Identity Manager

Security leaders, admins

Full access to all tabs and operations within the ETM Identity app, including write permissions

ETM Identity Viewer

Analysts, auditors

Read access to all tabs within the ETM Identity app; write operations are not permitted.

ETM Permissions (Application Access Permissions)

Permission Description Manager Viewer
ETM Identity UI Access Can log in and view the ETM Identity interface.
ETM Identity Internal API Access Can access Internal  API ✔ (Read Only)

Base Access Requirements

  • ETM Identity access
  • ETM Identity UI access
  • ETM Identity API access (for API interactions)

User Roles Comparison

The ETM Identity application has several access permissions that are assigned to each user role. The following table compares these permissions granted to the default user roles for ETM Identity:

ETM Identity Permissions

Permission Description Manager Viewer
ETM Identity UI Access Access ETM Identity
ETM Identity API Access Access ETM Identity Internal ✔ (Read Only)

Inventory Permissions

Permission Description Manager Viewer
View Tenant Access tenant-level details and configurations.
View Policy View defined security and governance policies
View Assets View all the assets within the environment
View Groups Access definitions and memberships
View Users View user accounts and associated details
View Roles Review role definitions and assigned permissions

TruRisk Permissions

Permission Description Manager Viewer
View TruRisk Data View TruRisk scoring and related risk insights

Risk Management Permissions

Permission Description Manager Viewer
View Vulnerabilities View identified vulnerabilities 
View Misconfigurations View details of detected misconfigurations 
View ID Misconfigurations
(Applicable for Non-UAI subscription)
View identity-related misconfiguration 
View Domain Trust Map Visualize domain trust relationships and dependencies
View Attack Path Analyze potential attack paths within the environment

Configurations Permissions (Non-UAI)

Permission Description Manager Viewer
Export ACS Data Export ACS data for reporting or external use
Import/Export ACS Data Import or export ACS data for data management and integration

Monitoring Permissions

Permission Description Manager Viewer
View Alerts and Events View generated security alerts for potential threats and incidents and event logs for monitoring and analysis purposes

Additional Notes

  • Viewer role does not have write or configuration privileges.
  • Domain Trust Map (DTM) displays high-level relationships and is not filtered.
  • UAI subscriptions support tag-based data filtering in addition to role permissions.
  • Tab-level access control is supported only for non-UAI subscription users.