Admin roles

Learn how to use role-based access control to set up your own roles and rights and take a least-privilege approach to managing your Strivacity configuration.

With Admin Roles you can:

  1. Use Pre-configured Admin Roles

  2. Create Custom Roles

  3. Assign Admin Roles to Admin Users

Pre-configured Admin roles

To start using Admin Roles, follow these simple steps:

  1. Log into the admin console using an admin account.
  2. Go to Instance Configuration > Admin Roles from the main menu. The Admin Roles page will be displayed as shown below.
Default admin roles


  3. You will notice that Strivacity includes 3 pre-configured Roles by default. The rights of these roles are explained in the table below:
| Role Name | Role Description | Access Rights |
| --- | --- | --- |
| Admin | Provides full administrative access to this instance of Strivacity. | Grant All: Read, Write, Delete |
| Auditor | Provides access to the Dashboard and read-only access to the Admin Console | Grant All: Read |
| Helpdesk | Provides the ability to manage customer accounts and groups | Account Authenticators: Read, Write, Delete; Account Events: Read; Account Identities: Read; Account Management: Read, Write, Delete; Consent Management: Read; Dashboard: Read; Identity Store: Read |

📘

The rights for the pre-canned Admin Role (Grant All, Read, Write, Delete) cannot be modified. If you wish to create a similar or duplicate Admin Role, simply create a Custom Role.

These roles can be assigned to any existing Admin users within Strivacity. See Assigning Roles to Admin Accounts for instructions on how to do this.

Creating custom roles

Strivacity lets Admins create their own custom roles by constructing them from the available rights. A role will consist of many rights, where a right corresponds to a discrete administrative function within the admin console.

To create a custom role, follow these simple instructions:

  1. Log into the admin console using an admin account.
  2. Go to Instance Configuration > Admin Roles from the main menu. The Admin Roles page will be displayed as shown below:
List of admin roles


  3. Click the 'Create Role' button in the top right corner. You will now be able to:
    1. set the Role Name,
    2. set the Role Description,
    3. decide if the role allows access across the instance or on a per identity store basis, and
    4. choose the individual Access Rights that you would like to apply to this role.

📘

User per identity store permission

This switch allows you to add permissions on an identity store basis. This means that the permissions granted by the admin role can be tied and customized to specific identity stores instead of granting the same permissions across every identity store.

You can click through the tabs to see the available Access Rights for administrative accounts:

Account management

Account management permissions


Administration

Instance administration permissions


Policy configuration

Policy configuration permissions


  4. Once you have chosen the Access Rights that you wish to add to the role, click the 'Save' button. The newly created Admin Role is available for assignment to admin accounts. See Assigning Roles to Admin Accounts to learn more about Admin Role assignments.
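
The role and right structure described above, including the per identity store switch, modelled as an added example (not Strivacity code or its API; the data layout, the store name "retail" and the custom role are assumptions). It checks a right against a role and lists what a role grants beyond what a task needs, which is the comparison to make before choosing between a pre-configured role and a custom one:

```python
# Added illustration: a local model of the roles and rights described on this
# page. Not Strivacity's API or export format; all names here are assumptions.
from dataclasses import dataclass, field

R, RWD = {"Read"}, {"Read", "Write", "Delete"}
GRANT_ALL = "Grant All"   # covers every area, as in the Admin and Auditor rows
ANY_STORE = "*"           # right applies across the whole instance
# Only the areas named in the Helpdesk row of the table; the console has more.
AREAS = ["Account Authenticators", "Account Events", "Account Identities",
         "Account Management", "Consent Management", "Dashboard",
         "Identity Store"]

@dataclass
class Role:
    name: str
    rights: dict = field(default_factory=dict)  # scope -> area -> actions

    def allows(self, area, action, store):
        """True if the role grants `action` on `area` for identity store `store`."""
        for scope in (ANY_STORE, store):
            areas = self.rights.get(scope, {})
            if any(action in areas.get(k, ()) for k in (GRANT_ALL, area)):
                return True
        return False

    def excess(self, needed, stores):
        """Rights granted beyond `needed`, a set of (store, area, action)."""
        granted = {(s, a, act) for s in stores for a in AREAS for act in RWD
                   if self.allows(a, act, s)}
        return granted - set(needed)

# The three pre-configured roles, transcribed from the table above.
ADMIN = Role("Admin", {ANY_STORE: {GRANT_ALL: RWD}})
AUDITOR = Role("Auditor", {ANY_STORE: {GRANT_ALL: R}})
HELPDESK = Role("Helpdesk", {ANY_STORE: {
    "Account Authenticators": RWD, "Account Events": R,
    "Account Identities": R, "Account Management": RWD,
    "Consent Management": R, "Dashboard": R, "Identity Store": R}})

# Constructed custom role using per identity store permissions: rights are
# tied to the made-up store "retail" instead of applying to every store.
RETAIL_HELPDESK = Role("Retail helpdesk", {"retail": {
    "Account Management": {"Read", "Write"},
    "Account Events": R}})
```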

Assigning roles to admin accounts

To assign Admin Roles to Admin Users, follow these simple steps:

  1. Log into the admin console using an admin account.
  2. Go to Instance Configuration > Admin Roles from the main menu.
  3. Select the Admin Role that you wish to assign to an Admin User.
  4. Next, click the Assignees tab, and any assigned accounts will be displayed, as shown below:
Assignees page


  5. Now click 'Assign Accounts' and add any Admin Users from the available list.
  6. You will now be asked to confirm the assignment. Click 'Assign' to finish assigning the Admin User to the Role, or cancel.
  7. You will now see that the Admin User has been added to the role, so they will now have the rights to perform the Helpdesk function (per this example).