August 15, 2019
Announcing Advanced Role Based Access Controls for Gremlin
Today we’re excited to release the advanced features we’ve added to Role Based Access Control, or RBAC, Gremlin’s user management system. These features allow our customers to manage Gremlin permissions in the same way that their internal organizations do.
With RBAC you can ensure that every Gremlin user at your company has the correct level of permissions for running attacks, managing users and teams, as well as configuring account settings. Permissions are assigned to roles that you can assign to users in order to establish a precise separation of duties.
Using RBAC
To use these new RBAC features, select Company Settings from the drop-down menu at the top right.
Use the Users tab to invite users, view and edit a user’s roles, and view and edit a user’s team memberships.
Use the Teams tab to manage team configurations like client secrets and certificates, team members and roles, and the team’s API key.
New Roles
With the RBAC updates, we’ve made changes to our available roles. Here’s a list of the roles available and an overview of their permissions:
Company Role | Auth Mgmt | User Mgmt | Team Mgmt | Access Logs | Integration Mgmt |
---|---|---|---|---|---|
Owner | ✓ | ✓ | ✓ | ✓ | ✓ |
Admin | ✓ | ✓ | ✓ | | |
Manager | ✓ | ✓ |

Team Role | Run Attacks | User Mgmt | Client Mgmt | API key Mgmt | Secrets/Certs |
---|---|---|---|---|---|
Manager | ✓ | ✓ | ✓ | ✓ | ✓ |
User | ✓ | ✓ | ✓ |
With these updates, Super Users have transitioned to the Company Owner role and Users to Team User roles.
For paid users, all company, team, and user roles are available. For Free users, the roles available are limited to Company Owner and Users.
For more information on roles, go to our detailed help doc page.
API Updates
As part of these RBAC updates, API users can now create a session that works for any team they belong to, instead of managing sessions for every team. It also works for users that do not belong to any team. This is useful for creating a user that only has access to a Company Admin role for auditing purposes.
For more information you can visit our API docs to learn how to use this new session with our API.
Security is Always a First Class Citizen
At Gremlin, safety, security, and simplicity are our core product values. By adding more granular roles and permissions to RBAC, our customers with growing Chaos Engineering programs now have the ability to easily manage and audit access to Gremlin functionality, separating user, team, and account management for better safety and security in their Chaos Engineering programs.
For more information on each role, and RBAC in general, go to our help doc page on RBAC, or join the #support channel in the Chaos Community Slack for help.