Role-based Access Control

Role-based access control (RBAC) allows your organization to manage who has access to resources in OneSite Patch, what resources they have access to, and what they can do with these resources.

Role-based Access Control (RBAC) in OneSite Patch

OneSite Patch has built-in roles you can use to provide permissions to your patching solution. For more information on the RBAC capabilities of the OneSite Platform, see RBAC.

RBAC allows you to:

  • Assign permissions to specific job functions like operations

  • Maintain data protection and regulatory compliance

  • Protect sensitive data with the principle of least privilege

  • Create branch office administrators for specific business units

Explore the security roles

  1. Log in to the Adaptiva Admin Portal.

  2. Click the gear icon > Settings > Security > Roles.

  3. On the Roles page, select the Patch Roles folder.

Built-in roles for Patch

There are 4 built-in roles for OneSite Patch. These roles cover the most common use cases, though custom roles can be added as needed. These roles will be automatically created when you add a OneSite Patch license.

Patch Super Administrator: This role gives users full permission to OneSite Patch. This role is typically your IT solutions administrator.

Patch Architect: This role is focused on design, architecture, and implementation of the patching solution. For example, the architect can configure custom integrations but can't submit patches to a strategy.

  • Full permission on all intent schema objects

  • Read permission on all Flex Controls

  • Full permission on Integrations

  • Read permission on all dashboards

Patch Operator: This role is focused on the day-to-day running of the patching solution. For example, the operator can submit patches to a patching strategy. This role is typically your day-to-day IT Operations staff.

  • Read permission for all intent schema objects

  • Full permissions for Flex Controls

  • Read permissions to all patching dashboards

  • Additional permissions:

    • Submit patches to strategy

    • Submit patches to deployment channel

    • Submit patches to business unit

Patch Reviewer: This role is focused on observing the patching solution without access to any controls. For example, the reviewer can view patching strategies but can’t submit patches to a strategy.

  • Read permission to all intent schema objects

  • Read permission to Flex Controls

  • Permission for all patching dashboards

Branch administrator role

OneSite Patch allows you to create a branch administrator role that has full permission to OneSite Patch, but is scoped to one or more specific business units. The branch administrator has full control over all components within the scope of their business unit, but no class-level permissions to objects outside of their scope. This branch administrator role is created dynamically in the Business Unit settings.

Patch Branch Administrator: This role gives users full permission to all OneSite Patch components, scoped to one or more business units. For example, a Seattle HQ branch administrator can create a patching strategy for the Seattle HQ business unit, but not for any other business unit.

View a role and assign members to it

You can view the permissions and membership of a role in the role details.

  1. Select a Patch role to open the properties page. You can view the role assignments and permissions detail for the role.

  2. Under Direct Administrators, click Browse and select a user to associate with this role and click OK.

  3. Click Save.

Role permission details

The following specialty permissions and flex control permissions were created to enable role-based access control.

Specialty permissions

To enable role-based access control, new specialty permissions were created for the highest-level components in OneSite Patch:

  • Strategy: submit patches to a strategy, view/manage pause/resume operations, view/manage patching cycles, add/remove patches to cycle, scan for patches, reset deployment failures.

  • Deployment Channel: pause/resume operations, view/manage cycles, add/remove patches to cycle.

  • Business Unit: add to deployment waves, add to bot runtime, view dashboards, pause/resume operations, view/manage rollback, view/manage patch exceptions, view/manage rollout cycles, add/remove patches to cycle, scan for patches, reset deployment failures.

  • Deployment Waves: add to patching strategy, add to deployment channel

Flex control permissions

  • Pause/resume: View pause/resume operations, Manage pause/resume operations

  • Rollback: view and manage rollback operations

  • Patching exceptions: View and manage patching exception operations

  • Patching cycles: View and manage patching cycles, add/remove patches to/from patching cycles

  • Deployment channel cycles: View and manage deployment channel cycles, add/remove patches to/from deployment channel cycles

  • Business unit rollout cycles: View and manage business unit rollout cycles, add/remove patches to/from business unit rollout cycles

  • Patches: scan for patches, reset deployment failures for patches

If an administrator has been granted any of these permissions, they can perform these operations anywhere unless they are scoped to a specific object.
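The scoping rule above, combined with the built-in role descriptions, can be modeled as a small access check plus a least-privilege review. This is an added sketch, not Adaptiva's code or API: the permission names, user names and the "London" business unit are constructed, and the role contents are reduced to the operations the page uses in its examples.

```python
from dataclasses import dataclass
from typing import FrozenSet, Optional

# Constructed permission names, reduced to the operations the page uses in its examples.
SUBMIT = {"submit_to_strategy", "submit_to_deployment_channel", "submit_to_business_unit"}
READ_ONLY = {"view_strategies", "view_dashboards"}
ALL = SUBMIT | READ_ONLY | {"create_strategy", "configure_integrations"}

ROLE_PERMISSIONS = {
    "Patch Super Administrator": ALL,
    "Patch Architect": {"view_dashboards", "configure_integrations"},
    "Patch Operator": {"view_dashboards"} | SUBMIT,
    "Patch Reviewer": READ_ONLY,
    "Patch Branch Administrator": ALL,  # full permission, assigned with a scope
}

@dataclass(frozen=True)
class Assignment:
    user: str
    role: str
    business_units: Optional[FrozenSet[str]] = None  # None = class-level (no scope)

def is_allowed(assignments, user, permission, business_unit):
    """Default deny; an unscoped assignment applies to every business unit."""
    for a in assignments:
        if a.user == user and permission in ROLE_PERMISSIONS[a.role]:
            if a.business_units is None or business_unit in a.business_units:
                return True
    return False

def unscoped_write_access(assignments):
    """Least-privilege review: users with a state-changing permission and no scope."""
    return sorted({a.user for a in assignments
                   if a.business_units is None and ROLE_PERMISSIONS[a.role] - READ_ONLY})

# Constructed sample assignments (user names and "London" are made up).
ASSIGNMENTS = [
    Assignment("alice", "Patch Super Administrator"),
    Assignment("bob", "Patch Architect"),
    Assignment("carol", "Patch Operator"),
    Assignment("dave", "Patch Reviewer"),
    Assignment("erin", "Patch Branch Administrator", frozenset({"Seattle HQ"})),
]

if __name__ == "__main__":
    print(is_allowed(ASSIGNMENTS, "erin", "create_strategy", "Seattle HQ"))
    print(is_allowed(ASSIGNMENTS, "erin", "create_strategy", "London"))
    print(unscoped_write_access(ASSIGNMENTS))
```

The review function returns the accounts whose rights are not limited to a business unit, which is the list to check against the principle of least privilege.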
