CB Defense: Is it Possible to Prevent Users From Creating or Assigning RBAC Roles With All Permissions?
Article ID: 287041
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Is it possible to prevent PSC Console users with Manage Roles and Manage Users permissions from creating or assigning a customized RBAC role that is assigned all permissions?
Environment
CB Defense PSC Console: March '19 Release and later (0.45)
Resolution
Yes. Because RBAC permissions are hierarchical in nature, users cannot assign or create roles that include permissions they do not have themselves.
For example, a user that is assigned permission to Manage Roles and Users but not Connectors cannot assign permission to manage Connectors.
That same user would also not be able to assign roles that include permission to manage Connectors.
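The rule described above, modeled as a delegation check. This is an added example, not Carbon Black code: the permission labels, role names and function names are constructed, and the mapping of role creation to Manage Roles and role assignment to Manage Users is an assumption.

```python
"""Model of a hierarchical RBAC delegation check (illustrative only)."""

# Constructed permission labels; not the console's real permission identifiers.
MANAGE_ROLES = "manage_roles"
MANAGE_USERS = "manage_users"
MANAGE_CONNECTORS = "manage_connectors"


def effective_permissions(role_names, role_catalog):
    """Union of the permissions granted by every role a user holds."""
    perms = set()
    for name in role_names:
        perms |= role_catalog[name]
    return perms


def check_delegation(actor_perms, required_perm, role_perms):
    """Return (allowed, missing). The actor needs the gating permission and
    must already hold every permission contained in the role."""
    missing = set(role_perms) - set(actor_perms)
    if required_perm not in actor_perms:
        missing.add(required_perm)
    return (not missing, sorted(missing))


def can_create_role(actor_perms, new_role_perms):
    # Assumption: creating a role is gated by the Manage Roles permission.
    return check_delegation(actor_perms, MANAGE_ROLES, new_role_perms)


def can_assign_role(actor_perms, role_name, role_catalog):
    # Assumption: assigning a role is gated by the Manage Users permission.
    return check_delegation(actor_perms, MANAGE_USERS, role_catalog[role_name])


# Constructed sample data mirroring the article's example.
ROLE_CATALOG = {
    "delegated_admin": {MANAGE_ROLES, MANAGE_USERS},
    "connector_admin": {MANAGE_USERS, MANAGE_CONNECTORS},
    "all_permissions": {MANAGE_ROLES, MANAGE_USERS, MANAGE_CONNECTORS},
}

if __name__ == "__main__":
    actor = effective_permissions(["delegated_admin"], ROLE_CATALOG)
    print(can_create_role(actor, {MANAGE_USERS}))
    print(can_create_role(actor, ROLE_CATALOG["all_permissions"]))
    print(can_assign_role(actor, "connector_admin", ROLE_CATALOG))
```

The returned list names the permissions the actor lacks, which is the detail worth logging when a role change is refused.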