Live Workshop: Integrate Google SecOps with Bindplane - Join Us on January 29th at 11 AM ET!Sign Up Now

Role-based Access Control

Assign user permission to limit access.

Overview

This document outlines BindPlane OP Role-Based Access Control (RBAC). BindPlane is organized by Organization and Project, where one organization can contain one or many projects.

Prerequisites

Before configuring RBAC, ensure the following prerequisites are met.

License

A Google or Enterprise license is required for using RBAC.

Authentication Mode

BindPlane must be configured to use LDAP, Active Directory, or other multi-user authentication mode. The default System authentication mode does not support multiple users.

BindPlane Cloud supports multi-user by default and does not require additional configuration.

RBAC Roles

Organization Roles

Organizations have two RBAC roles:

Organization Admin

  • Full control over the organization.
  • Can create new projects.

Organization User

  • View organization details.

Project Roles

Projects have three RBAC roles:

Project Admin

  • Full control over the project.
  • Can add and remove users within the project.
  • Can modify configurations and trigger rollouts.

Project User

  • Install and assign agents to configurations.
  • Can modify configurations within the project.
  • Cannot trigger rollouts.
  • Cannot invite or manage other users within the project.

Project Viewer

  • Read-only access to the project.

Role Assignment

Users can be invited to a project by using the Invite Users button on the Project page. When users are added to a Project, they are implicitly added to the organization.

Users can be invited by email or with an invite link. In both cases, a role must be selected.

An Admin can modify a user's role by navigating to the Users tab on the Project page. From there, the user can be selected and their role can be modified.