Skip to main content

RBAC (Role-Based Access Control)

Role-Based Access Control (RBAC) is a cornerstone of modern access management, ensuring that users have the exact permissions they need—no more, no less. Escape's RBAC features allow organizations to meticulously define roles and fine-grained permissions, ensuring robust security, streamlined operations, and maximized productivity.

Escape's RBAC is accessible under the "Organization" Settings, and at the "Application" settings level.

Core Roles

Escape defines roles via a mapping between features and CRUD permissions for each features. The following are the core features that can be configured in Escape:

  • Applications: Applications created from discovered endpoints in the inventory, with their scan configurations and scan results.
  • Inventory: The Escape inventory, built from the discovered endpoints via integrations, and crawling.
  • Integrations: All the integrations that are configured in Escape to discover and enrich your organizational context.
  • Reporting: Your organizational dashboard to visualize the data from the inventory and the applications, your progress and security posture.
  • Notifications: Your configured notification workflows, and the history of the triggered notificat.

RBAC Table

FeatureAdministratorEditorViewerNone
All ApplicationsAllow users to perform all application and scan operationsAllow users to browse all scan results, start scans, update configurationsAllow users to browse all scan resultsNo access
InventoryAllow users to perform all inventory operationsAllow users to browse the inventory, update endpoints data, set labelsAllow users to browse the inventory and view endpoints dataNo access
IntegrationsAllow users to perform all operations including create, read, update, deleteN/AN/ANo access
ReportingAllow users to perform all operations including create, read, update, deleteN/AN/ANo access
NotificationsAllow users to perform all notification operationsAllow users to create, update and delete custom notification workflowsAllow users to view custom notification workflowsNo access

Fine-Grained Application Permissions

Beyond the core roles, Escape provides the flexibility to define permissions at the granular application level. This ensures that users or business units can be restricted or permitted to specific applications, aligning with their job responsibilities and the principle of least privilege.

You can simply configure the permissions for each application by selecting the role for each application.