40.3 Role-Based Access Control and Multitenancy for Visualization

Sentinel uses Kibana, a browser-based analytics and search dashboard, to help you visualize events and alerts in dashboards. Starting with Sentinel 8.4.0.0, Role-Based Access Control (RBAC) and multitenancy are supported for the visualization features in Sentinel. With RBAC, you can give each user access to the visualization features that matches his or her permission level. For more information about the visualization permissions, see Creating a Role. Multitenancy in the visualization gives tenants greater flexibility by letting them control their own dashboards and visualizations.

40.3.1 Use Case

Consider a scenario in which the user is a bank with 10 branches in different states. The manager of a branch must monitor only the activity specific to his or her branch and must not be able to access the user information of other branches. The bank has different levels of employees, such as the manager, assistant manager, cashier, and other employees. Each of them must see only what they are allowed to see. For example, a regular employee should not be allowed to see the Management option. He or she should be given permission only to see the user dashboard and should not be allowed to Edit it.

Solution

  • Consider each branch of the bank as a tenant.

  • Use multitenancy in the visualization to prevent an employee of one branch from accessing the user-related data or the dashboards of another branch. A branch admin or manager can create his or her own custom domain, which can be accessed only by the employees of that branch and not by others.

  • Use RBAC in the visualization to let the admin of the branch assign proper permissions to employees based on their employment level, so that they get access only to the features they are supposed to see. A regular employee can be given View-only permission for the visualization features so that he or she can see the dashboard but cannot Edit or Delete it.
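
The use case above combines two independent checks: tenant isolation (branch) and role permissions (employment level). The following is an added example, not Sentinel code or its API, that models both checks as a deny-by-default policy and flags recorded access-test results that break it. The role names, permission sets, user names and sample results are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Assumed permission sets per employment level. The names are illustrative,
# not Sentinel role or permission identifiers.
ROLE_PERMISSIONS = {
    "manager": {"view", "edit", "delete", "management"},
    "assistant_manager": {"view", "edit"},
    "cashier": {"view"},
    "employee": {"view"},
}

@dataclass(frozen=True)
class User:
    name: str
    tenant: str  # the branch the user belongs to
    role: str

def is_allowed(user, action, dashboard_tenant):
    """Deny by default: the tenant must match AND the role must grant the action."""
    if user.tenant != dashboard_tenant:
        return False  # multitenancy: no access to another branch's dashboards
    return action in ROLE_PERMISSIONS.get(user.role, set())

def violations(users, observed):
    """Return observed grants (user, action, tenant) that the policy forbids."""
    by_name = {u.name: u for u in users}
    bad = []
    for name, action, tenant in observed:
        user = by_name.get(name)
        if user is None or not is_allowed(user, action, tenant):
            bad.append((name, action, tenant))
    return bad

# Constructed sample data: two branches, three users.
USERS = [
    User("mgr_a", "branch-a", "manager"),
    User("emp_a", "branch-a", "employee"),
    User("mgr_b", "branch-b", "manager"),
]
# Constructed access-test results, as recorded while testing each login.
OBSERVED = [
    ("emp_a", "view", "branch-a"),    # expected: view-only employee
    ("emp_a", "edit", "branch-a"),    # violation: employee can edit
    ("mgr_a", "view", "branch-b"),    # violation: cross-tenant access
    ("mgr_b", "delete", "branch-b"),  # expected: manager in own branch
]

if __name__ == "__main__":
    for grant in violations(USERS, OBSERVED):
        print("policy violation:", grant)
```

A check like this is useful after role or tenant changes: log in as a test account for each employment level and branch, record what each account can actually do, and compare the results against the intended policy.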