Access control quick start for Northstar
Role-based access control determines the data that users can see and the actions they can perform.
Recommendation: To quickly add new users to Northstar, use the built-in user access groups that you see in the web interface. Following this quick start guide instead of using Deployment Hub ensures your users have the correct permissions to accomplish their tasks.
Note
If you set up custom roles, resource groups, or user access groups, actions might change in the future. You would need to update these groups at that time.
Before you begin
Identify the different types of users in your organization.
For example, you might have developers who only need to access specific applications.
Determine the type of data you want each group of users to access.
For example, you might want to restrict access to issues and incidents data based on specific applications.
Determine the actions you want to allow for each group of users.
For example, you might want to restrict some users to viewing data only while others can manage settings and data.
To ensure secure access to your data, use least privilege principles when you set up access control.
If you have permissions to view incidents, you can see all incident details, including applications.
You cannot view details for specific applications unless your role belongs to a user access group that lets you view the application.
If you have permissions to close issues, your role automatically inherits the permission to view applications.
Quick start steps
In the left navigation, under Administration, select Access control.
Select the Users tab and select Add user.
Enter the user’s details, including the name and email address.
Under Allow access, select one of these built-in user access groups.
Organization Administrators: These users can view and manage all data and settings.
Organization Editors: These users can manage agent keys and integrations but cannot manage data and settings in the organization.
Organizational Viewers: This is the most restrictive group that only lets users log in to Northstar.
Security Analysts: These users can view all application data, manage all policies and rules, as well as manage incidents and issues.
Security Developers: These users can view all application data, manage all issues, and view all incidents.
Select Save when done.
Note
User access groups define the roles assigned to users.
Roles define the resources groups for users and the actions they can perform.
Resource groups define the resources a user can access.
Built-in user access groups and roles for Northstar
Built-in user access groups | Built-in roles | Actions |
|---|---|---|
Organization administrators | Organization administrator | Manage organization |
Organization editors | Organization editor | Edit organization |
Organization viewers | Organization viewer | View organization |
Security analysts | Security analyst | Access Protect Manage organization rules Edit organization Manage applications (all applications) Manage incidents Manage issues (all applications) Manage tasks |
Security developers | Security developer | View organization View application (lets you view data for all applications) Access Protect View incidents (lets you view all incidents, including those for applications you don't have access to) Manage issues (let you manage issues for all applications) Manage tasks |
See also
Visit Access control (Preview) if you want to learn more about roles, resource groups, and user access groups.
Note
When you set up access control, only the built-in roles and user access groups described in this topic are displayed for users of Northstar