User rights and permissions
Spider uses a mix of Role Based Access Control (RBAC) and Permission Based Access Control (PBAC).
- Roles are used for
- Whisperers
- Applications
- Controllers
- Gociphers
- Trainer
- Trainee
- Permissions can be unitary added to each user account
User rights tab
You may check or edit the access permissions of a user on the Rights
tab of the user profile:
info
Access rights are only editable by people with the correct rights, or an administrator.
List of rights and description
Rights | Description |
---|---|
Admin | The user is an administrator (and has access to all). Only administrators may give this right to someone. |
Users mgt - Create users | Can search for users and create other users. |
Users mgt - Disable users | Can search for users and disable other users. |
Users mgt - Generate password | Can search for users and (re)generate other users passwords. |
Users mgt - Manage rights | Can search for users and edit other users rights (not his own). |
Users mgt - Impersonate users | Can search for users and impersonate other users. |
Service accounts mgt - Create service accounts | Can search and create service accounts. |
Service accounts mgt - Disable service accounts | Can search and disable other service accounts. |
Service accounts mgt - Generate password | Can search for service accounts and (re)generate secrets. |
Service accounts mgt - Manage rights | Can search for service accounts and edit rights. |
Service accounts mgt - Impersonate service accounts | Can search and impersonate service accounts. |
Controllers mgt - Create controllers | Can create a controller to deploy to a remote clster. |
Gociphers mgt - Create gociphers | Can create a gocipher to deploy to a remote clster. |
Teams mgt - Create teams | Can create a new team (and edit it). |
Whisperers mgt - Create whisperers | Can create a whisperer for him - or for a user if he can impersonate. |
Whisperers mgt - Monitor whisperers | Has access to monitoring UI for the whisperers he has access to. |
Plugins mgt - Upload | Can upload new plugins or new versions of existing plugins. |
Training mgt - User trainer | The user is a trainer and can create trainees account. He has specific capabilities associated to training. |
Training mgt - Trainee | The user is a trainee and has specific rights to complete his exercices. |
Admin tools - Full monitoring | Can access to full details of the monitoring. |