Role Based Access Control

What is RBAC?

RBAC or Role Based Access Control is a mechanism you can use as an admin to limit the access of your users in Teleskope.

RBAC is based on the following principles:

  • Each role grants access to a collection of features and connectors

  • Each user can be assigned one or more roles

  • A user's permissions in the Teleskope app are the aggregate of all permissions granted by their roles

Configuring RBAC as an admin

By default, admins are granted full access to your Teleskope instance, able to view and interact with every feature and connector. Admins are also the only users who can create/update/delete roles, and assign/un-assign roles from users.

Admins can navigate to the RBAC page by selecting the Users and Roles option under Settings on the sidebar in the Teleskope app. Then they can:

  • Create/edit/delete roles in the Roles tab

  • Assign/unassign roles for each user in the Users tab

  • View a user's aggregate permissions to see what their roles have collectively granted them so far

The 3 pre-existing RBAC roles

There are 3 starting roles that come by-default in your Teleskope instance, and each is unique:

  • The admin role, which is immutable and gives full access to the Teleskope app while also unlocking admin features like configuring RBAC or inviting new users.

  • The default role which all users have, and holds any permissions admins would like all users to have no matter what. This default role is given full permissions to start with, so it is up to admins to opt in to RBAC by downgrading any of these default role permissions. While the default role has S3 access, so do all users, etc.

  • The teleskope-support role which is a special case, only assigned to Teleskope employees who have been given access to your instance for support or maintenance purposes.

The 3 corresponding user types

These roles also determine what User Type a user is in the app. Users with the admin role are considered an Admin type user, users with the teleskope-support role are considered a Teleskope Support type user, and everyone else is just a regular Standard user.

RBAC use case suggestions

It's ultimately up to the admin to use RBAC as they see fit and design their own rules. However, there are a few common themes and strategies Admins may want to employ with RBAC:

  • Want to limit particularly sensitive data or features to only select users?

    • Limit access to these in a role, and only assign that role to select users.

  • Onboarding a new employee to a specific team?

    • That user can be assigned a role for that team that includes all the permissions they may need.

  • Off-boarding an employee from a team, but still keeping them at the company?

    • If that team had a custom role with their needed permissions, unassign that role from the off-boarded user.

  • Want all new users to start with some level of basic permissions?

    • Add these permissions to the default role to automatically give new users this access.

  • Don't care about restricting access at all?

    • You can give the default role full permissions, so any non-admin user can also see everything by default.