Role-Based Access Control (RBAC) Reference
Learn about the available permission levels within the Apono UI
Last updated
Was this helpful?
Documentation and Guides
Learn about the available permission levels within the Apono UI
Last updated
Was this helpful?
Role-Based Access Control (RBAC) provides a structured approach to managing permissions within the Apono UI. By aligning access rights with specific job responsibilities, RBAC prevents unauthorized or conflicting administrative actions.
RBAC is especially powerful for enabling collaboration across multiple teams and professionals with different objectives. Each team member receives precisely the access they need to perform their specific tasks. At the same time, RBAC maintains overall system security and operational integrity.
You can assign any of the following roles to each user.
Admin
Full access to all features and functionalities
Usage: Only role authorized to create, delete, and assign roles to users
Power User
Access to most features except some user and account settings
Usage: Manages daily administrative tasks
Deployment
Permissions focused on infrastructure and deployment management
Usage: Ensures seamless deployment and infrastructure integrity
Viewer
Read-only access to reports and auditing functionalities
Usage: Monitors compliance and administrative activity without modifying resources
Grantee
The following tables detail the permissions available to each role within the Apono UI.
Dashboard
View
✅
✅
✅
Right Sizing
View
✅
✅
✅
Filter
✅
✅
✅
Access Graph
Visualizes how access is granted to resources, whether JIT, via group membership or with standing access
View
✅
✅
✅
Filter
✅
✅
✅
Anomalies
View
✅
✅
✅
Filter
✅
✅
✅
JIT Protect
Explore
✅
✅
✅
Revoke Standing Access
✅
✅
Access Flows
View the access flow list
✅
✅
✅
Filter the access flow list
✅
✅
✅
Get an access flow
✅
✅
✅
Create an access flow
✅
✅
Edit an access flow
✅
✅
Enable an access flow
✅
✅
Disable an access flow
✅
✅
Delete an access flow
✅
✅
Bundles
View the bundles list
✅
✅
✅
Get a bundle
✅
✅
✅
Create a bundle
✅
✅
Edit a bundle
✅
✅
Delete a bundle
✅
✅
Integrations
View the integration list
✅
✅
✅
✅
Get an integration
✅
✅
✅
✅
View the catalog
✅
✅
✅
✅
Connect an integration
✅
✅
✅
Edit an integration
✅
✅
✅
Refresh an integration
✅
✅
✅
Delete an integration
✅
✅
✅
Connectors
View the connector list
✅
✅
✅
✅
Connect a connector
✅
✅
✅
Edit a connector
✅
✅
✅
Delete a connector
✅
✅
✅
Identities
View users
✅
✅
✅
Add a user
✅
Create a group
✅
✅
Edit a group
✅
✅
Delete a group
✅
✅
Inventory
View the access scope list
✅
✅
✅
✅
Filter the access scope list
✅
✅
Create an access scope
✅
✅
Edit an access scope
✅
✅
Delete an access scope
✅
✅
Activity
View the activity list
✅
✅
✅
✅
Filter the activity list
✅
✅
✅
✅
Revoke access in drawer
✅
✅
Revoke all
✅
✅
Reports
View the report list
✅
✅
✅
Get a report
✅
✅
✅
Create a report
✅
✅
✅
Edit a report
✅
✅
✅
Export a report
✅
✅
✅
Schedule a report
✅
✅
✅
Delete a report
✅
✅
✅
Session Audit
View a session audit
✅
✅
✅
✅
Audit Log (Syslog)
Tracks system changes with a clear, chronological audit log for accountability and quick investigation.
View the audit log list
✅
✅
✅
✅
Filter the audit log list
✅
✅
✅
✅
Click the audit log drawer
✅
✅
✅
✅
Export the audit log
✅
✅
✅
✅
Webhooks
View the webhook list
✅
✅
✅
✅
View webhook history
✅
✅
✅
✅
Create a webhook
✅
✅
✅
Edit a webhook
✅
✅
✅
Enable a webhook
✅
✅
✅
Disable a webhook
✅
✅
✅
Delete a webhook
✅
✅
✅
General (Settings)
View settings
✅
✅
✅
Manage settings
✅
✅
Profile
Edit profile (individual)
✅
✅
✅
✅
Privacy & Security
✅
✅
✅
✅
Account Details
View account details
✅
✅
✅
✅
Edit account details
✅
Users
View users list
✅
✅
✅
✅
Resend invitation email
✅
✅
✅
✅
Invite users
✅
Edit roles of users
✅
Log out user sessions
✅
Disable user
✅
Delete user
✅
View API tokens
✅
✅
✅
✅
Create an API token
✅
✅
✅
✅
Delete an API token
✅
✅
✅
✅
Request access
✅
✅
✅
✅
✅
Access granted resources
✅
✅
✅
✅
✅
( only) Permissions focused on requesting and accessing resources Usage: Requests resources and connects to granted resources
Ensures your access flows grant the least-privileged access to users. .
Safeguards against potential risky access to your tools. .
Assesses and remediated standing access to improve your cloud security posture. .
Enables creating automated, dynamic permission workflows that define access to sets of resources. .
Manages access to integrations, roles, and resources by grouping them together. .
Allows restricting resource access by creating specified, authenticated users or groups. .
Enables creating and managing queries of dynamic, reusable groups of resources. .
Sends Apono access request data to your internal systems with event-triggered HTTP messages. .
(individual)