Objective:
This document provides a clear understanding of how User-Based Access Control (UBAC) is structured within SanerCVEM, particularly in the SanerNow CVEM module. It outlines the role hierarchy, responsibilities, and scope of access for each user type—helping administrators assign roles appropriately and maintain security boundaries.
Level 1: SUPERUSER
Available only in on-prem deployments
Scope: Full control across the SanerNow deployment.
Can create users with the role:
ADMIN
Level 2: ADMIN
Scope: Platform-wide control. Manages all organisations and accounts.
Can create, edit, or delete users with the roles:
ORGADMIN
ACCOUNTADMIN
NORMAL
Can create:
Organisations
Accounts
Users
Level 3: ORGADMIN
Introduced in SanerNow 4.7 release
Scope: Limited to the organisation they are assigned to.
Can create users with the roles:
ACCOUNTADMIN
NORMAL
Can manage:
Accounts within their assigned organisation
Users under those accounts
Level 4: ACCOUNTADMIN
Scope: Manages a specific account only.
Can create users with the role:
NORMAL
Cannot:
Create or manage other accounts
Access other organisational data
Level 5: NORMAL
Scope: Restricted access user within an account.
Can:
View and perform limited actions based on permissions granted within the account.
Cannot:
Create or manage users
Modify account or organisation settings
Summary of Role Capabilities
Role | Create Organisations | Create Accounts | Create Users | Manage Org/Account Data |
---|---|---|---|---|
SUPERUSER | ✅ | ✅ | ADMIN only | ✅ |
ADMIN (Cloud account) | ✅ | ✅ | All roles | ✅ |
ORGADMIN | ❌ | ✅ | ACCOUNTADMIN, NORMAL | Limited to assigned org |
ACCOUNTADMIN | ❌ | ❌ | NORMAL only | Limited to assigned account |
NORMAL | ❌ | ❌ | ❌ | View/Operate within limits |
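
The hierarchy above can be encoded as a delegation matrix and used to audit a user list for role assignments that break it. This is an added example, not SanerNow code or a product export format: the record fields (`name`, `role`, `org`, `account`, `created_by`) are assumptions, the sample records are constructed, and ADMIN's creatable roles follow the Level 2 list.

```python
# Delegation matrix taken from the per-level "Can create users" lists above.
CAN_CREATE = {
    "SUPERUSER": {"ADMIN"},
    "ADMIN": {"ORGADMIN", "ACCOUNTADMIN", "NORMAL"},
    "ORGADMIN": {"ACCOUNTADMIN", "NORMAL"},
    "ACCOUNTADMIN": {"NORMAL"},
    "NORMAL": set(),
}

def in_scope(creator, user):
    """True if `user` lies inside the scope the page gives the creator's role."""
    role = creator["role"]
    if role in ("SUPERUSER", "ADMIN"):      # deployment / platform-wide
        return True
    if role == "ORGADMIN":                  # assigned organisation only
        return user["org"] == creator["org"]
    if role == "ACCOUNTADMIN":              # one specific account only
        return (user["org"], user["account"]) == (creator["org"], creator["account"])
    return False                            # NORMAL (or unknown) manages nobody

def audit(users):
    """Return (user name, reason) pairs for assignments that break the hierarchy."""
    by_name = {u["name"]: u for u in users}
    findings = []
    for u in users:
        if u["created_by"] is None:         # bootstrap account, nothing to check
            continue
        creator = by_name.get(u["created_by"])
        if creator is None:
            findings.append((u["name"], "creator not found"))
        elif u["role"] not in CAN_CREATE.get(creator["role"], set()):
            findings.append((u["name"], f'{creator["role"]} may not create {u["role"]}'))
        elif not in_scope(creator, u):
            findings.append((u["name"], f'outside {creator["role"]} scope'))
    return findings

# Constructed sample records; field names are hypothetical, not a product export.
USERS = [
    {"name": "root", "role": "SUPERUSER", "org": None, "account": None, "created_by": None},
    {"name": "alice", "role": "ADMIN", "org": None, "account": None, "created_by": "root"},
    {"name": "bob", "role": "ORGADMIN", "org": "org-a", "account": None, "created_by": "alice"},
    {"name": "carol", "role": "ACCOUNTADMIN", "org": "org-a", "account": "acct-1", "created_by": "bob"},
    {"name": "dave", "role": "NORMAL", "org": "org-b", "account": "acct-9", "created_by": "bob"},
    {"name": "erin", "role": "ACCOUNTADMIN", "org": "org-a", "account": "acct-1", "created_by": "carol"},
    {"name": "frank", "role": "NORMAL", "org": "org-a", "account": "acct-2", "created_by": "carol"},
]
```

Calling `audit(USERS)` flags `dave` (created by an ORGADMIN of a different organisation), `erin` (an ACCOUNTADMIN created by an ACCOUNTADMIN) and `frank` (created by an ACCOUNTADMIN of a different account).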