search

Role-Based Access Control (RBAC) Reference

Learn about the available permission levels within the Apono UI

Role-Based Access Control (RBAC) provides a structured approach to managing permissions within the Apono UI. By aligning access rights with specific job responsibilities, RBAC prevents unauthorized or conflicting administrative actions.

RBAC is especially powerful for enabling collaboration across multiple teams and professionals with different objectives. Each team member receives precisely the access they need to perform their specific tasks. At the same time, RBAC maintains overall system security and operational integrity.

circle-info

To learn more about managing user roles in Apono, click herearrow-up-right.

hashtag
Role Overview

You can assign any of the following roles to each user.

Role
Description

Admin

Full access to all features and functionalities

Usage: Only role authorized to create, delete, and assign roles to users

Space Owner

Management of membership and access objects within a specific space, with view-only access outside that space

Usage: Invites members, assigns member roles, and manages access objects

Space Manager

Management of access objects within a specific space, with view-only access outside that space

Usage: Handles day-to-day management of access objects within a specific space

Power User

Access to most features except some user and account settings

Usage: Manages daily administrative tasks

Deployment

Permissions focused on infrastructure and deployment management

Usage: Ensures seamless deployment and infrastructure integrity

Viewer

Read-only access to reports and auditing functionalities

Usage: Monitors compliance and administrative activity without modifying resources

Grantee

(Portal UI only) Permissions focused on requesting and accessing resources Usage: Requests resources and connects to granted resources

hashtag
Permissions

The following tables detail the permissions available to each role within the Apono UI.

hashtag
Overview

Dashboard

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View

Right Sizing

Ensures your access flows grant the least-privileged access to users. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View

Filter

Access Graph

Visualizes how access is granted to resources, whether JIT, via group membership or with standing access

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View

Filter

Anomalies

Safeguards against potential risky access to your tools. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View

Filter

Access Discovery

Assesses and remediated standing access to improve your cloud security posture. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

Explore

Revoke Standing Access

hashtag
Access Management

Access Flows

Enables creating automated, dynamic permission workflows that define access to sets of resources. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the access flow list

Filter the access flow list

Get an access flow

Create an access flow

Edit an access flow

Enable an access flow

Disable an access flow

Delete an access flow

Bundles

Manages access to integrations, roles, and resources by grouping them together. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the bundles list

Get a bundle

Create a bundle

Edit a bundle

Delete a bundle

hashtag
Environment

Integrations

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the integration list

Get an integration

View the catalog

Connect an integration

Edit an integration

Refresh an integration

Delete an integration

Connectors

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the connector list

Connect a connector

Edit a connector

Delete a connector

Identities

Allows restricting resource access by creating specified, authenticated users or groups. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View users

Add a user

Create a group

Edit a group

Delete a group

Inventory

Enables creating and managing queries of dynamic, reusable groups of resources. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the access scope list

Filter the access scope list

Create an access scope

Edit an access scope

Delete an access scope

hashtag
Administration

Activity

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the activity list

Filter the activity list

Revoke access in drawer

Revoke all

Reports

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the report list

Get a report

Create a report

Edit a report

Export a report

Schedule a report

Delete a report

Session Audit

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View a session audit

Audit Log (Syslog)

Tracks system changes with a clear, chronological audit log for accountability and quick investigation.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the audit log list

Filter the audit log list

Click the audit log drawer

Export the audit log

Webhooks

Sends Apono access request data to your internal systems with event-triggered HTTP messages. Learn more.

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View the webhook list

View webhook history

Create a webhook

Edit a webhook

Enable a webhook

Disable a webhook

Delete a webhook

hashtag
Identity and Access Management (IAM) Administration

General (Settings)

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View settings

Manage settings

Profile

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

Edit profile (individual)

Privacy & Security

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

Enable MFA (individual)

Account Details

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View account details

Edit account details

Users

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View users list

Resend invitation email

Invite users

Edit roles of users

Log out user sessions

Disable user

Delete user

hashtag
API Tokens

Personal API Tokens

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

View an API token

Create an API token

Delete an API token

Service Account API Tokens

Action
Admin
Space Owner
Space Manager
Power User
Deployment
Viewer

List API tokens

Create an API token

Edit an API token

Delete an API token

1A user with a Power User, Deployment, or Viewer role can view a service account token only if the token is explicitly scoped to that role.

hashtag
Portal

Action
Admin
Power User
Deployment
Viewer
Grantee

Request access

Access granted resources

PreviousManage a spaceNextCreate Identities

Last updated

Was this helpful?