Role Based Access Control is only available in the Mender Enterprise plan. See the Mender features page for an overview of all Mender plans and features.
Role Based Access Control (RBAC) significantly reduces the risk of accidental and unauthorized deployments. Admin users of the Mender server can assign Roles with limited access, based on the responsibility of the user and required tasks. Role assignments reduce the risk of accidents, such as deploying beta software to production devices. It also reduces the security impact of any compromised Mender server user accounts (e.g. in the case of a stolen password).
Mender supports four different types of Roles:
Admin: Full access
Read Access: The role allows the user to see the status of devices and deployments, but not make any modifications. This role is well suited for limited technical support users, or team leads who need an overview of deployment status or individual devices, but are not involved in day-to-day deployment management.
Release Manager: Intended for Continuous Integration systems. It can only manage Mender Artifacts, such as upload and delete Artifacts.
Deployments Manager: Intended for users responsible for managing deployments. With this role users can create and abort deployments. On it's own this role won't make the devices visible in the UI, you must pair it with Read Access for that.
Troubleshooting: User with this role assigned has access to the troubleshooting features such as Remote Terminal, File Transfer, Port Forwarding. On it's own this role won't make the devices visible in the UI, you must pair it with Read Access for that.
Users with the Admin role can manage other users, including creating and assigning roles when creating a new user account or editing an existing user account.
Found errors? Think you can improve this documentation? Simply click the Edit link at the top of the page, and then the icon on Github to submit changes.
© 2021 Northern.tech AS