The NodeSource Blog

RBAC - Role Based Access Control

Last week, we announced NSolid 3.11.1, which introduces Role Based Access Control along with support for Node.js Erbium v12.16.2 and Dubnium v10.20.1. You can read here for more information.

NodeSource’s Role Based Access Control feature empowers Org Admins to create, define, manage and assign roles that provide access privileges to distinct user-actions and/or views in the NSolid Console and accounts.nodesource.com. All role definitions and role assignments are managed via NSolid’s Central Access Control Nexus accounts.nodesource.com, which also supports SAML-based federated authentication via OneLogin, PingID and Okta.

The system comes with a set of pre-made roles but permits full customization of permissions per role as well as the creation and deletion of existing roles.

How it works:

The following shows the NodeSource’s central control-nexus, accounts.nodesource.com, from the perspective of two different users:

  1. The ‘Admin’ has access to the Organization’s ‘People’s’ Tab where they can invite team-members, define and assign RBAC roles.
  2. The ‘Member’ doesn’t have access to the ‘People’s’ Tab. To them the tab isn’t visible. 1

Similarly, in the NSolid Console a ‘Security Admin’ will be granted access to the Console’s Security Tab, while a user with the ‘Member’ role won’t be allowed to access this option:
2

You can see a list of permissions that can be aggregated into new roles and/or added to existing roles here.

RBAC - Pre-Configured Roles

Pre-configured configured roles include:

The Admin role has access to all permissions for both NodeSource'c Central Management Platform accounts.nodesource.com and the NSolid Console. This includes accessing billing, license keys, as well as managing RBAC permissions and, team members, and SAML integrations in accounts. This role also features full permissions for all features available in the NSolid Console.

The pre-configured Ops Admins serves to meet the needs of DevOps Managers acting at the deployment level. They have full access to the NSolid Console, but are unable to hide security vulnerabilities unless an Admin role modifies this permission. This can be accomplished through the org’s setting page in accounts.nodesource.com which features limited access for this role.

The pre-configured The Security Admin role is a security-focused that acts at the application level. , This role retains access to NodeSource's Central Account Management Platform accounts.nodesource.com, but users with this role are unable to access most of the settings reserved for managing an organization’s NSolid deployment via the Admin role. In the NSolid Console Security Admins can monitor applications, view and hide security vulnerabilities, as well as manage most diagnostic actions.

The pre-configured Member role, is focused on monitoring and diagnostics of application performance only. As with all roles, this role can be modified via NodeSource’s Central Account Management Platform. Members have access to accounts.nodesource.com but are unable to view a number of Settings reserved to Admins.

                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                                            
AdminSecurity Admin Ops Admin Member
Accounts Management - accounts.nodesource.com:
License Key
Billing Management
Manage Service Tokens
SAML Configuration
People Management
NSolid Console:
Security:
View Security Vulnerabilities
Hide Security Vulnerabilities
Notifications:
Access and modify Global Notifications
Access, create, modify and/or delete threshold views and notifications.
Diagnostic Assets:
Create CPU Profiles
Create Heap Snapshots
Access/Delete CPU Profiles and Heap Snapshots
Monitoring:
Set reporting filters
Change reporting axis
Manage custom views
Access process detail view
Automated Actions:
Manage automated actions
NSolid Console Settings:
Access General Console Settings
Manage Global Notifications
Manage Saved Views
Manage Slack, MS Teams and/or Webhook Integrations

The NodeSource platform offers a high-definition view of the performance, security and behavior of Node.js applications and functions.

Start for Free