Users and Roles
An account can have multiple users, and each user has a role that defines what they can see and do. When a new account is created, the first user is given the admin role, which allows that user to create and manage additional users for the account.
User roles and descriptions
The following user roles are available:
Role | Description |
---|---|
admin | admin users have full access to the account and can manage other users and their access. |
platform | platform users can access all resources including Compliance, Inventory Report, and Policies, but cannot manage users. |
security | security users can view the Policy Report and manage Policy Exceptions. They can review Policy Exception requests and have access to Compliance, Clusters, and Repositories, but cannot manage users. |
devops | devops users have the least-privileged access. A devops user can view the Policy Report and create Policy Exceptions. They do not have access to Compliance or Inventory Report, and cannot manage users. |
Configuring user roles and permissions
Identity & Access Management (IAM) lets you add users, set user privileges, group users in teams, and configure access methods such as Security Assertion Markup Language (SAML), OpenID Connect (OIDC), and Multi-Factor Authentication (MFA).
IAM offers configuration of:
- Users and Roles
- Teams
- OpenID Connect based authentication
- Multi-factor authentication
- Granular IAM
- Security Assertion Markup Language (SAML) based authentication