Understanding User-Based Access Control (UBAC) in SanerCVEM

Modified on Fri, 1 Aug at 12:47 AM

Objective:


This document provides a clear understanding of how User-Based Access Control (UBAC) is structured within SanerCVEM, particularly in the SanerNow CVEM module. It outlines the role hierarchy, responsibilities, and scope of access for each user type—helping administrators assign roles appropriately and maintain security boundaries.



Level 1: SUPERUSER

Available only on-prem deployments

  • Scope: Full control across the SanerNow deployment.

  • Can create users with the role:

    • ADMIN


? Level 2: ADMIN

  • Scope: Platform-wide control. Manages all organisations and accounts.

  • Can create, edit, or delete users with the roles:

    • ORGADMIN

    • ACCOUNTADMIN

    • NORMAL

  • Can create:

    • Organisations

    • Accounts

    • Users


? Level 3: ORGADMIN

Introduced in SanerNow 4.7 release

  • Scope: Limited to the organisation they are assigned to.

  • Can create users with the roles:

    • ACCOUNTADMIN

    • NORMAL

  • Can manage:

    • Accounts within their assigned organisation

    • Users under those accounts


? Level 4: ACCOUNTADMIN

  • Scope: Manages a specific account only.

  • Can create users with the role:

    • NORMAL

  • Cannot:

    • Create or manage other accounts

    • Access other organisational data


? Level 5: NORMAL

  • Scope: Restricted access user within an account.

  • Can:

    • View and perform limited actions based on permissions granted within the account.

  • Cannot:

    • Create or manage users

    • Modify account or organisation settings


? Summary of Role Capabilities

RoleCreate OrganisationsCreate AccountsCreate UsersManage Org/Account Data
SUPERUSERADMIN only
ADMIN(Clloud account)All roles
ORGADMINACCOUNTADMIN, NORMALLimited to assigned org
ACCOUNTADMINNORMAL onlyLimited to assigned account
NORMALView/Operate within limits

Was this article helpful?

That’s Great!

Thank you for your feedback

Sorry! We couldn't be helpful

Thank you for your feedback

Let us know how can we improve this article!

Select at least one of the reasons
CAPTCHA verification is required.

Feedback sent

We appreciate your effort and will try to fix the article