Role Base Access Control - (RBAC)

Role Base Access Control in Amorphic helps us to enhance user access management and operational efficiency. This feature helps the system administrators to restrict user access to sensitive information and reduces the risk of data breaches. RBAC provides an efficient way of authorizing users while accessing various services and aligns with user management compliance through out the company.

Amorphic RBAC is designed to continuously adapt any new service deployed to the application and support all user needs.

Amorphic RBAC provides the following capabilities:
  • User can have multiple roles attached and has the ability to switch between them to perform various actions based on his/her responsibilities.
  • Customize user role permissions to a granular level.
  • Flexibility to choose the type of Amorphic view upon login.

The following picture depicts the Role Management Console in Amorphic:

RBAC Home Page

What is a Role?

Role is defined as a Job function or title which defines the authority level (Source : Wikipedia). Role has the following properties:

  • A Role can have multiple users attached to it.
  • A Role can have many permissions.
In Amorphic we have two types of Roles:
  • System Roles : Which are provided by the application by default.
  • Custom Roles : Created by users.

System Roles

Amorphic RBAC provides application users with two default roles namely “System Administrators Role” and “System Default Users Role”

  • System Administrators Role

    The primary goal of this role is to provide a hierarchy and differentiate between regular vs administrator level users. This role consists full permissions for every service offered in Amorphic and can perform all the activities without any restrictions.

  • System Default Users Role

    System default Users Role is a basic application access role which is provided to every user. This role consists a list minimal permissions for the user to navigate through and understand the application.

    Note

    This is not to be confused with user’s default role. User’s default role determines what all services that he/she sees when logged in.

Custom Roles

Amorphic RBAC provides application users flexibility to create customized Roles by selecting permissions from a list of fine grained access permissions for each service. Example: User can create custom Data scientist role and provide access to ML notebooks only. Please check the how to create new section for more details Create Role

Amorphic RBAC Role contains the following information:

Role Metadata Information

Type Description
Role Name Role Name, which uniquely identifies the functionality of the role.
Role Description A brief explanation of the role typically the functionality for what it is used.
Permissions A permissions is an action defined for a particular service. Each Role consists of a group of permissions. These permissions determine the level access within a service offered in Amorphic. A permission can be assigned to multiple roles and vice versa.
UsersAttached The list of users to whom the the role is attached to.
CreatedBy User who created the role.
LastModifiedBy User who has recently updated the role.
LastModifiedTime Timestamp when the role was recently updated.

How are roles associated to an user

As part of Amorphic RBAC, every user is provided with one default Role called User Default-Role which provides basic application access. Other than the default role, User can be attached to a Administrator created custom role. Each user can have one or more roles based on the level of responsibilities.

User has the ability to switch between roles to perform various activities and can choose his/her default access role for quicker access to Amorphic services.

Role Operations

Amorphic RBAC along with the basic CRUD (Create, Read, Update and Delete) operations for a role, it provides a wide range of operations

  • Create Role : Create a custom role by choosing from a list of permissions and attach to a User.
  • View Role : View existing Role Metadata Information
  • Update Role : Update an existing role.
  • Delete Role : Delete an existing role.
  • Switch Role : This functionality helps user to switch between multiple roles attached.
  • Update user default-role : Helps user to customize the landing page view. Example: if User frequently uses Machine learning services, one can pick say a “Data scientist Role” as default login view for quicker access.

Create Role

You can create new Role in Amorphic by using the “New Role” functionality of Amorphic application.

In order to create a new Role, you would require information like Role Permissions and User names who are attached to the role. Following are the main information required to create a new role.

RBAC Create New Role

View Role

If the user has sufficient permissions to view a role, He/She can view all the existing role information by clicking on the Role Name under the Roles section inside Management Menu.

Please follow the below animation to view the role information in detail

RBAC View role

Update Role

If the user has sufficient permissions to update a role, He/She can view all the existing role information by clicking on the Role Name under the Roles section inside Management Menu and by clicking on the Edit Role option from the left side Role Actions drop down menu. This will re-direct you to a different page where you can start editing any of the Role metadata.

Please follow the below animation to update the role information in detail

RBAC Update role

Delete Role

If the user has sufficient permissions to delete a role, He/She can view all the existing role information by clicking on the Role Name under the Roles section inside Management Menu and by clicking on the Delete Role from the left side Role Actions drop down menu.

Please follow the below animation to delete the role.

RBAC Delete role

Switch Role

Switch Role functionality is enabled for users with more than one Role attached to them. This functionality can be accessed by clicking on the User Profile icon and Switch Role item of the the drop down menu. Users will be presented with a drop down list of roles that He/She is attached to from where we can pick one for switching.

Please follow the below animation to switch between roles.

RBAC Switch role

Update user default-role

Update Default Role functionality is enabled for users with more than one Role attached to them. This functionality can be accessed by clicking on the User Profile icon and Profile & Settings item of the the drop down menu. You will be taken to the ‘User Profile’ page where you find the ‘default Role’ field. On clicking the ‘Change’ button beside it, Users will be presented with a drop down list of roles that He/She is attached to from where we can pick one for switching.

Please follow the below animation to update the user’s default role.

RBAC Update default role
More sources:
Learn more on RBAC