Manage Roles

Overview

The Banyan Command Center allows you to use templates to define two types of roles:

  • User Roles – Combine User attributes and Device attributes into a single construct and then enforce security based on those combined attributes.
  • Workload Roles – Include processes or containers running on a server.

Please refer to Zero Trust Policies for more information on Banyan Roles and Policies.

This article outlines how to configure common role scenarios and how to create a custom role.

Create a User-based Role based on IDP Groups

To create a user-based role based on IDP Groups:

1. Navigate to Secure Access > Roles and then click + Add Role.

2. Select the User Role template.

3. Configure the Role Name, Description, and Role Attributes.

4. Click + Add Role Attribute and then select By Group.

5. Enter one or more target group names. These group names must match the group names in your IDP.

6. Click Add Role.

Create a Device-based Role based on Device Ownership

To create a device-based role based on device ownership type:

1. Navigate to Secure Access > Roles and then click + Add Role.

2. Select the User Role template.

3. Configure the Role Name, Description, and Role Attributes.

4. Click + Add Role Attribute and then select By Device Ownership.

5. Select one or more ownership types.

6. Click Add Role.

Create a User & Device Role based on IDP Groups and Device Ownership

To create a combined user- and device-based role based on IDP group and device ownership type:

1. Navigate to Secure Access > Roles and then click + Add Role.

2. Select the User Role template.

3. Configure the Role Name, Description, and Role Attributes.

4. Click + Add Role Attribute, select By Device Ownership, and then select one or more ownership types.

5. Click + Add Role Attribute, select By Group, and then enter one or more target group names. These group names must match the group names in your IDP.

6. Click Add Role.
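
Both By Group procedures above require the group names typed into the role to match the names in your IDP. The following pre-check is an added example, not Banyan code: it compares the names you plan to enter against a group list exported from your IDP and flags case or whitespace near-misses. Assumptions: matching is treated as exact (the strictest reading of "must match"), the function names are hypothetical, and the sample group lists are constructed.

```python
import unicodedata

def _fold(name: str) -> str:
    """Canonical form used only to detect near-misses, never to accept a name."""
    return " ".join(unicodedata.normalize("NFKC", name).split()).casefold()

def check_role_groups(role_groups, idp_groups):
    """Classify each group name intended for a role against the IDP group list.

    Assumption: matching is exact (case- and whitespace-sensitive).
    Returns {name: ("exact", name) | ("near_miss", [candidates]) | ("missing", None)}.
    """
    exact = set(idp_groups)
    folded = {}
    for group in idp_groups:
        folded.setdefault(_fold(group), []).append(group)

    report = {}
    for name in role_groups:
        if name in exact:
            report[name] = ("exact", name)
        elif _fold(name) in folded:
            # Same name apart from case, spacing or Unicode form: likely a typo.
            report[name] = ("near_miss", sorted(folded[_fold(name)]))
        else:
            report[name] = ("missing", None)
    return report

def unresolved(report):
    """Names that should be corrected before clicking Add Role."""
    return sorted(n for n, (status, _) in report.items() if status != "exact")

# Constructed sample data: an IDP group export and the names planned for a role.
IDP_GROUPS = ["Engineering", "Site Reliability", "Contractors-EMEA"]
ROLE_GROUPS = ["Engineering", "site reliability", "Contractors-EMEA ", "Finance"]

if __name__ == "__main__":
    for name, (status, detail) in check_role_groups(ROLE_GROUPS, IDP_GROUPS).items():
        print(f"{name!r:24} {status:10} {detail}")
```

A name reported as near_miss or missing is worth fixing before the role is saved, since a role attribute that names a group the IDP never asserts will not line up with any user's group membership.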

Create a Custom Role (JSON) for Advanced Use Cases

By creating a Custom Role, you can further control specific attributes for users in your organization and workloads in your infrastructure.

To create a Custom Role:

1. Navigate to Secure Access > Roles and then click + Add Role.

2. Select the Custom Role (JSON) template.

3. Configure the Role Name, Description, and Role Attributes.

Please refer to the Role Spec for details on Role Attributes.

4. Click Add Role.

Last modified: Jan 22, 2021