Role-Based Access Control (RBAC) Reference

Learn about the available permission levels within the Apono UI


Last updated 1 month ago


Role-Based Access Control (RBAC) provides a structured approach to managing permissions within the Apono UI. By aligning access rights with specific job responsibilities, RBAC prevents unauthorized or conflicting administrative actions.

RBAC is especially powerful for enabling collaboration across multiple teams and professionals with different objectives. Each team member receives precisely the access they need to perform their specific tasks. At the same time, RBAC maintains overall system security and operational integrity.

To learn more about managing user roles in Apono, click here.


Role Overview

You can assign any of the following roles to each user.

| Role | Description |
|---|---|
| Admin | Full access to all features and functionalities. Usage: Only role authorized to create, delete, and assign roles to users |
| Power User | Access to most features except some user and account settings. Usage: Manages daily administrative tasks |
| Deployment | Permissions focused on infrastructure and deployment management. Usage: Ensures seamless deployment and infrastructure integrity |
| Viewer | Read-only access to reports and auditing functionalities. Usage: Monitors compliance and administrative activity without modifying resources |

Grantee


Permissions

The following tables detail the permissions available to each role within the Apono UI.

Overview

Dashboard

Action
Admin
Power User
Deployment
Viewer

View

✅

✅

✅

Right Sizing

Action
Admin
Power User
Deployment
Viewer

View

✅

✅

✅

Filter

✅

✅

✅

Access Graph

Visualizes how access is granted to resources, whether JIT, via group membership or with standing access

Action
Admin
Power User
Deployment
Viewer

View

✅

✅

✅

Filter

✅

✅

✅

Anomalies

Action
Admin
Power User
Deployment
Viewer

View

✅

✅

✅

Filter

✅

✅

✅

JIT Protect

Action
Admin
Power User
Deployment
Viewer

Explore

✅

✅

✅

Revoke Standing Access

✅

✅

Access Management

Access Flows

Action
Admin
Power User
Deployment
Viewer

View the access flow list

✅

✅

✅

Filter the access flow list

✅

✅

✅

Get an access flow

✅

✅

✅

Create an access flow

✅

✅

Edit an access flow

✅

✅

Enable an access flow

✅

✅

Disable an access flow

✅

✅

Delete an access flow

✅

✅

Bundles

Action
Admin
Power User
Deployment
Viewer

View the bundles list

✅

✅

✅

Get a bundle

✅

✅

✅

Create a bundle

✅

✅

Edit a bundle

✅

✅

Delete a bundle

✅

✅

Environment

Integrations

Action
Admin
Power User
Deployment
Viewer

View the integration list

✅

✅

✅

✅

Get an integration

✅

✅

✅

✅

View the catalog

✅

✅

✅

✅

Connect an integration

✅

✅

✅

Edit an integration

✅

✅

✅

Refresh an integration

✅

✅

✅

Delete an integration

✅

✅

✅

Connectors

Action
Admin
Power User
Deployment
Viewer

View the connector list

✅

✅

✅

✅

Connect a connector

✅

✅

✅

Edit a connector

✅

✅

✅

Delete a connector

✅

✅

✅

Identities

Action
Admin
Power User
Deployment
Viewer

View users

✅

✅

✅

Add a user

✅

Create a group

✅

✅

Edit a group

✅

✅

Delete a group

✅

✅

Inventory

Action
Admin
Power User
Deployment
Viewer

View the access scope list

✅

✅

✅

✅

Filter the access scope list

✅

✅

Create an access scope

✅

✅

Edit an access scope

✅

✅

Delete an access scope

✅

✅

Administration

Activity

Action
Admin
Power User
Deployment
Viewer

View the activity list

✅

✅

✅

✅

Filter the activity list

✅

✅

✅

✅

Revoke access in drawer

✅

✅

Revoke all

✅

✅

Reports

Action
Admin
Power User
Deployment
Viewer

View the report list

✅

✅

✅

Get a report

✅

✅

✅

Create a report

✅

✅

✅

Edit a report

✅

✅

✅

Export a report

✅

✅

✅

Schedule a report

✅

✅

✅

Delete a report

✅

✅

✅

Session Audit

| Action | Admin | Power User | Deployment | Viewer |
|---|---|---|---|---|
| View a session audit | ✅ | ✅ | ✅ | ✅ |

Audit Log (Syslog)

Tracks system changes with a clear, chronological audit log for accountability and quick investigation.

| Action | Admin | Power User | Deployment | Viewer |
|---|---|---|---|---|
| View the audit log list | ✅ | ✅ | ✅ | ✅ |
| Filter the audit log list | ✅ | ✅ | ✅ | ✅ |
| Click the audit log drawer | ✅ | ✅ | ✅ | ✅ |
| Export the audit log | ✅ | ✅ | ✅ | ✅ |

Webhooks

Action
Admin
Power User
Deployment
Viewer

View the webhook list

✅

✅

✅

✅

View webhook history

✅

✅

✅

✅

Create a webhook

✅

✅

✅

Edit a webhook

✅

✅

✅

Enable a webhook

✅

✅

✅

Disable a webhook

✅

✅

✅

Delete a webhook

✅

✅

✅

Identity and Access Management (IAM) Administration

General (Settings)

Action
Admin
Power User
Deployment
Viewer

View settings

✅

✅

✅

Manage settings

✅

✅

Profile

| Action | Admin | Power User | Deployment | Viewer |
|---|---|---|---|---|
| Edit profile (individual) | ✅ | ✅ | ✅ | ✅ |

Privacy & Security

| Action | Admin | Power User | Deployment | Viewer |
|---|---|---|---|---|
| Enable MFA (individual) | ✅ | ✅ | ✅ | ✅ |

Account Details

Action
Admin
Power User
Deployment
Viewer

View account details

✅

✅

✅

✅

Edit account details

✅

Users

Action
Admin
Power User
Deployment
Viewer

View users list

✅

✅

✅

✅

Resend invitation email

✅

✅

✅

✅

Invite users

✅

Edit roles of users

✅

Log out user sessions

✅

Disable user

✅

Delete user

✅

Personal API Tokens

| Action | Admin | Power User | Deployment | Viewer |
|---|---|---|---|---|
| View API tokens | ✅ | ✅ | ✅ | ✅ |
| Create an API token | ✅ | ✅ | ✅ | ✅ |
| Delete an API token | ✅ | ✅ | ✅ | ✅ |

Portal

| Action | Admin | Power User | Deployment | Viewer | Grantee |
|---|---|---|---|---|---|
| Request access | ✅ | ✅ | ✅ | ✅ | ✅ |
| Access granted resources | ✅ | ✅ | ✅ | ✅ | ✅ |

Grantee (Portal UI only): Permissions focused on requesting and accessing resources. Usage: Requests resources and connects to granted resources.

Right Sizing: Ensures your access flows grant the least-privileged access to users.

Anomalies: Safeguards against potential risky access to your tools.

JIT Protect: Assesses and remediates standing access to improve your cloud security posture.

Access Flows: Enables creating automated, dynamic permission workflows that define access to sets of resources.

Bundles: Manages access to integrations, roles, and resources by grouping them together.

Identities: Allows restricting resource access by creating specified, authenticated users or groups.

Inventory: Enables creating and managing queries of dynamic, reusable groups of resources.

Webhooks: Sends Apono access request data to your internal systems with event-triggered HTTP messages.
