Role-Based Access Control (RBAC)

Overview

This document outlines Bindplane Role-Based Access Control (RBAC). Bindplane is structured by Organization and Project, with one organization capable of containing one or multiple projects.

Prerequisites

Before configuring RBAC, ensure the following prerequisites are met.

License

A Google or Enterprise license is required for using RBAC.

Authentication Mode

Bindplane must be configured to use LDAP, Active Directory, or another multi-user authentication mode. The default System authentication mode does not support multiple users.

Bindplane Cloud supports multi-user by default and does not require additional configuration.

RBAC Roles

Organization Roles

Organizations have two RBAC roles:

Organization Admin

• Full control over the organization.

• Can create new projects.

Organization User

• View organization details.

Project Roles

Projects have three RBAC roles:

Project Admin

• Full control over the project.

• Can add and remove users within the project.

• Can modify configurations and trigger rollouts.

Project User

• Install and assign collectors to configurations.

• Can modify configurations within the project.

• Cannot trigger rollouts.

• Cannot invite or manage other users within the project.

Project Viewer

• Read-only access to the project.

Role Assignment

Users can be invited to a project by using the Invite Users button on the Project page. When users are added to a Project, they are implicitly added to the organization.

Users can be invited by email or with an invite link. In both cases, a role must be selected.

An Admin can modify a user's role by navigating to the Users tab on the Project page. From there, the user can be selected and their role can be modified.