Role-Based Access Control (RBAC) Reference
Learn about the available permission levels within the Apono UI
Role-Based Access Control (RBAC) provides a structured approach to managing permissions within the Apono UI. By aligning access rights with specific job responsibilities, RBAC prevents unauthorized or conflicting administrative actions.
RBAC is especially powerful for enabling collaboration across multiple teams and professionals with different objectives. Each team member receives precisely the access they need to perform their specific tasks. At the same time, RBAC maintains overall system security and operational integrity.
Role Overview
You can assign any of the following roles to each user.
Admin
Full access to all features and functionalities
Usage: Only role authorized to create, delete, and assign roles to users
Power User
Access to most features except some user and account settings
Usage: Manages daily administrative tasks
Deployment
Permissions focused on infrastructure and deployment management
Usage: Ensures seamless deployment and infrastructure integrity
Auditor
Read-only access to reports and auditing functionalities
Usage: Monitors compliance and administrative activity without modifying resources
Permissions
The following tables detail the permissions available to each role within the Apono UI.
Overview
Dashboard
View
✅
✅
Right Sizing
Ensures your access flows grant the least-privileged access to users. Learn more.
View
✅
✅
Filter
✅
✅
Access Graph
Visualizes how access is granted to resources, whether JIT, via group membership or with standing access
View
✅
✅
✅
Filter
✅
✅
✅
Anomalies
Safeguards against potential risky access to your tools. Learn more.
View
✅
✅
Filter
✅
✅
JIT Protect
Assesses and remediated standing access to improve your cloud security posture. Learn more.
View
✅
✅
Explore
✅
✅
Access Management
Access Flows
Enables creating automated, dynamic permission workflows that define access to sets of resources. Learn more.
Create an access flow
✅
✅
Edit an access flow
✅
✅
Enable an access flow
✅
✅
Disable an access flow
✅
✅
Delete an access flow
✅
✅
View the access flow list
✅
✅
✅
✅
Filter the access flow list
✅
✅
✅
✅
Get an access flow
✅
✅
✅
✅
Bundles
Manages access to integrations, roles, and resources by grouping them together. Learn more.
Create a bundle
✅
✅
Edit a bundle
✅
✅
Delete a bundle
✅
✅
View the bundle list
✅
✅
Get a bundle
✅
✅
Environment
Integrations
Connect an integration
✅
✅
✅
Edit an integration
✅
✅
✅
Delete an integration
✅
✅
✅
View the integration list
✅
✅
✅
Get an integration
✅
✅
✅
Refresh an integration
✅
✅
✅
View the catalog
✅
✅
✅
Connectors
Connect a connector
✅
✅
✅
Edit a connector
✅
✅
✅
Delete a connector
✅
✅
✅
View the connector list
✅
✅
✅
Identities
Allows restricting resource access by creating specified, authenticated users or groups. Learn more.
Add a user
✅
View a user
✅
✅
Create a group
✅
✅
Edit a group
✅
✅
Delete a group
✅
✅
Inventory
Enables creating and managing queries of dynamic, reusable groups of resources. Learn more.
Create an access scope
✅
✅
Edit an access scope
✅
✅
Delete an access scope
✅
✅
View the access scope list
✅
✅
Filter the access scope list
✅
✅
Administration
Activity
View the activity list
✅
✅
✅
✅
Filter the activity list
✅
✅
✅
✅
Revoke access in drawer
✅
✅
Revoke all
✅
✅
Reports
Create a report
✅
✅
✅
Edit a report
✅
✅
✅
Delete a report
✅
✅
✅
View the report list
✅
✅
✅
Get a report
✅
✅
✅
Export a report
✅
✅
✅
Schedule a report
✅
✅
✅
Session Audit
View a session audit
✅
✅
✅
✅
Audit Log (Syslog)
Tracks system changes with a clear, chronological audit log for accountability and quick investigation.
View the audit log list
✅
✅
✅
✅
Filter the audit log list
✅
✅
✅
✅
Export the audit log
✅
✅
✅
✅
Click the audit log drawer
✅
✅
✅
✅
Webhooks
Sends Apono access request data to your internal systems with event-triggered HTTP messages. Learn more.
Create a webhook
✅
✅
✅
Edit a webhook
✅
✅
✅
Enable a webhook
✅
✅
✅
Disable a webhook
✅
✅
✅
Delete a webhook
✅
✅
✅
View the webhook list
✅
✅
✅
Filter the webhook history
✅
✅
✅
Identity and Access Management (IAM) Administration
Profile
Edit profile (individual)
✅
✅
Privacy & Security
Account Details
Edit account details
✅
Users
Invite users
✅
Resend invitation email
✅
Edit roles of users
✅
Delete user
✅
Disable user
✅
Log out user sessions
✅
View users list
✅
Security
View security
✅
✅
SSO
Enable SSO
✅
✅
Personal API Tokens
Create an API token
✅
✅
✅
Delete an API token
✅
✅
✅
View API tokens
✅
✅
✅
Last updated