RBAC (Role-Based Access Control)
Role-Based Access Control (RBAC) is a cornerstone of modern access management, ensuring that users have the exact permissions they need—no more, no less. Escape's RBAC features allow organizations to meticulously define roles and fine-grained permissions, ensuring robust security, streamlined operations, and maximized productivity.
Escape's RBAC is accessible under the "Organization" settings and at the "Application" settings level.
Managing User Access in the Escape Platform
Where to find user and role settings in the Escape platform?
You can find user and role settings by clicking your organization’s name in the sidebar. To configure user roles, click on the “Roles” tab.
How to add roles and set permissions for each user role?
Use the “Create a new role” feature to create new user roles. You can also modify the access rights of existing roles. When creating a new role, a side panel opens where you can adjust the permissions and access rights for that role in detail.
How to invite users and assign roles to them?
Click on the “Team” tab at the top left of the platform. This will open the user management panel. From here, you can invite new users by entering their email and assigning them a specific role.
How to edit the roles of a specific user?
To change a user’s role, click the “EDIT” button next to their name in the user table.
Roles and Permissions
Core Permissions
Escape defines roles via a mapping between features and CRUD permissions for each feature. The following are the core features that can be configured in Escape:
- Applications: Applications created from discovered endpoints in the inventory, with their scan configurations and scan results.
- Inventory: The Escape inventory, built from the endpoints discovered via integrations and crawling.
- Integrations: All the integrations that are configured in Escape to discover and enrich your organizational context.
- Reporting: Your organizational dashboard to visualize the data from the inventory and the applications, your progress and security posture.
- Notifications: Your configured notification workflows, and the history of the triggered notifications.
Access Matrix
Feature | Administrator | Editor | Viewer | None |
---|---|---|---|---|
All Applications | Allow users to perform all application and scan operations | Allow users to browse all scan results, start scans, update configurations | Allow users to browse all scan results | No access |
Inventory | Allow users to perform all inventory operations | Allow users to browse the inventory, update endpoints data, set labels | Allow users to browse the inventory and view endpoints data | No access |
Integrations | Allow users to perform all operations including create, read, update, delete | N/A | N/A | No access |
Reporting | Allow users to perform all operations including create, read, update, delete | N/A | N/A | No access |
Workflows | Allow users to perform all workflow operations | Allow users to create, update and delete custom workflows | Allow users to view custom workflows | No access |
Fine-Grained Application Permissions
Beyond the core roles, Escape provides the flexibility to define permissions at the granular application level. This ensures that users or business units can be restricted or permitted to specific applications, aligning with their job responsibilities and the principle of least privilege.
To configure per-application permissions, select a role for each application.