Role-Based Access Control (RBAC) for Accounts

Who can make admin changes to a subgroup's settings, host settings or trust profiles?

No account (NOT EVEN System Admins) can edit or modify any Security Group settings, host settings or policy profile without being trusted as an Admin by the Inheritance Tree owner or admins.

Master Admins can access other login accounts but leave an audit trail of when they enter or exit that login account. Only administrators who can be trusted with Database access should be trusted as a Master Admin. They have "sudo" privileges in the Dashboard.

What is a Malware Advisor?

A "Malware Advisor" is NOT an "access role" but a system-wide application of an Advisor's malware Block Policies for any matching App Handprints or Code-Signing Certificates (CERTs). A Malware Advisor can have any "access role" level, or even be just a Trust-Profile instead of an actual administrator's account. The purpose of Malware Advisors is to simplify which Profiles contribute to the process for blocking Known Malware and Unwanted Apps.

Role-Based Access Control Levels

Each of the following "role access" levels can perform the functions of a lower "role access" level.

  • Master Admins
  • Master Admins have the ability to "sudo" into an account, but this will leave an audit trail in the security log.

Who are the Master Admins for my White Cloud Security Data Center Appliance?

  • With a Data Center Appliance the Master Admin is assigned during the setup process.

Role-Based Access Control Privileges

Role            Access
--------------- -----------------------------------------------------------------------------
Master Admin    Can "View As" any account
                "View As" creates an audit trail in the security log
                The first Master Admin is assigned during the setup process
                Only a Master Admin can make another admin a Master Admin

System Admin    View all system logs

Account Admin   Purge a Login Account after it has been disabled by the account owner

System Agent    View all accounts across the platform

Account Agent   Create Login Accounts, Organizations and resend activation emails

Advisor         Standard Enterprise functional as Trust-Listing Admin
                Can be added to Admin Groups to allow configuration and policy management
                Can be assigned as an Org Admin to add or remove members of an organization
                Can be assigned as a Viewer with read-only access to status and reports

Basic Account   Limited functionality for Dashboard Interface simplicity
--------------- -----------------------------------------------------------------------------
End User        End Users have no access or visibility into Trust Lockdown
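
The rules above (each level inherits the levels below it, "View As" always leaves an audit trail, only a Master Admin can create another Master Admin) can be modelled as follows. This is an added illustration, not White Cloud Security's code: the privilege names, the Dashboard class and the assumption that the table lists roles from highest to lowest are all hypothetical.

```python
from contextlib import contextmanager
from datetime import datetime, timezone

# Assumption: the table lists roles from highest to lowest privilege.
ROLES = ["End User", "Basic Account", "Advisor", "Account Agent",
         "System Agent", "Account Admin", "System Admin", "Master Admin"]
RANK = {name: i for i, name in enumerate(ROLES)}

# Hypothetical privilege names, each mapped to the lowest role the table grants it to.
MIN_ROLE = {
    "create_login_account": "Account Agent",
    "view_all_accounts": "System Agent",
    "purge_disabled_account": "Account Admin",
    "view_system_logs": "System Admin",
    "view_as": "Master Admin",
    "grant_master_admin": "Master Admin",
}

class AccessDenied(Exception):
    pass

def allowed(role, privilege):
    """A role holds a privilege if it ranks at or above the privilege's minimum role."""
    return RANK[role] >= RANK[MIN_ROLE[privilege]]

def require(role, privilege):
    if not allowed(role, privilege):
        raise AccessDenied(f"{role} lacks {privilege}")

class Dashboard:
    def __init__(self):
        self.roles = {}         # account name -> role
        self.security_log = []  # append-only audit trail

    def _audit(self, actor, event, target):
        stamp = datetime.now(timezone.utc).isoformat()
        self.security_log.append((stamp, actor, event, target))

    def promote_to_master(self, actor, target):
        require(self.roles[actor], "grant_master_admin")
        self.roles[target] = "Master Admin"
        self._audit(actor, "grant_master_admin", target)

    @contextmanager
    def view_as(self, actor, target):
        require(self.roles[actor], "view_as")
        self._audit(actor, "view_as_enter", target)
        try:
            yield target
        finally:  # exit is logged even if the session ends with an error
            self._audit(actor, "view_as_exit", target)
```

Edits to Security Group settings, host settings and policy profiles are not covered by this rank check; as stated above, they additionally require trust from the Inheritance Tree owner or admins.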