Role-Based Access Control

Role-Based Access Control (RBAC) significantly reduces the risk of accidental and unauthorized actions. Admin Users of the Mender Server can assign to the other Users Roles with limited access based on the User's responsibilities and required tasks. Role assignments reduce the risk of accidents, such as deploying beta software to production devices. It also reduces the security impact of any compromised Mender Server User accounts (e.g., in the case of a stolen password).

Roles

A Role is a named set of permissions you can assign to Users.

You can manage Roles in the "Roles" view in the Mender settings for your tenant:

Built-in Roles

Mender's RBAC system supports five built-in Roles:

• Admin: Full access.

• Read Access: Intended for team leaders or limited tech support accounts; this Role can see all Devices, Artifacts and Deployment reports but cannot make any changes.

• Release Manager: Intended for automation accounts building software (e.g., CI/CD systems), this Role can only manage Artifacts, including uploading new Artifacts and deleting existing Artifacts. It does not have access to Devices or Deployments.

• Deployments Manager: Intended for Users responsible for managing deployments, this Role can create and abort deployments for all the devices.

• Troubleshooting: Access to the troubleshooting features for all the devices: Remote Terminal, File Transfer, Port Forwarding.

Custom Roles and Permissions

You can create new Roles based on your specific needs and workflows. When creating or editing custom Roles, you can specify the Role's name, description and a set of permissions to grant to the Users bound to the Role.

Some of the permissions apply at the tenant level:

• User Management: these permissions should be granted carefully, as they allow privilege increases for any Users managed by a User with User management permissions.

  • Read: read access to the User management sections.
  • Manage: write access to the User management sections, requires Read.

• System audit log: these permissions allow tracing changes to devices, releases and User accounts, as well as providing information about deployments.

  • Read: read access to the audit log section.

• Releases: these permissions can be granted to allow artifact and release modifications, as well as the creation of new releases.

  • Read: read access to the releases and artifacts sections.
  • Upload: upload-only access to the releases and artifacts sections.
  • Manage: full write access to the releases and artifacts sections, requires Read and Upload.

The device-specific permissions can apply to either all the devices or selected static groups of devices:

• Read: read access to the devices.
• Manage: write access to the devices, requires Read.
• Deploy: permission to deploy software to the devices, requires Read.
• Connect: troubleshooting access to the devices, requires Read.
• Configure: permission to get and set devices configuration, requires Read.

Assigning Roles to Users

When creating a new User, or editing an existing User, you can assign one or more Roles to him by selecting them from the Roles dropdown:

The permissions granted to a User are the union of all his Roles' set of permissions.