Role Based Access Control

Control Room implements least privilege and separation of duties through a configurable role-based access control (RBAC) capability that conforms to the requirements of NIST SP 800-53 controls AC-2 (Account Management), AC-3 (Access Enforcement), AC-5 (Separation of Duties), and AC-6 (Least Privilege).

Every Control Room user is assigned one or more roles, and a user's access is exactly the set of permissions granted by the roles the user holds. Authorized users can suspend other users temporarily or permanently as business needs require, and inactive accounts can be disabled. RBAC also enforces session handling to prevent unauthorized use: if a user attempts to view session details they are not entitled to, or otherwise tries to gain unauthorized access, the Control Room cluster refuses the request and immediately terminates that user's session, so the user must log in again with their credentials.
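The rules above (roles granting a union of permissions, suspension by an authorized user, and session termination on an unauthorized attempt) are easier to reason about as executable policy. The following is an added example written for this page, not Control Room code: the role, permission and user names are constructed, and the separation-of-duties check (pairs of roles one user may not hold together) is an assumption of the example rather than a documented Control Room rule.

```python
# Added example, not Control Room code: a minimal RBAC engine modelling the
# behaviour described above. Role, permission and user names are constructed;
# separation of duties as mutually exclusive role pairs is an assumption of
# this example, not a documented Control Room rule.
from dataclasses import dataclass


@dataclass
class User:
    username: str
    roles: set
    suspended: bool = False


class AccessDenied(Exception):
    """Raised when a request fails authentication or authorization."""


class RBAC:
    def __init__(self, roles, exclusive_role_pairs=()):
        self.roles = {name: frozenset(perms) for name, perms in roles.items()}
        self.exclusive = [frozenset(p) for p in exclusive_role_pairs]
        self.users = {}
        self.sessions = {}  # session token -> username
        self._next_token = 0

    def add_user(self, username, roles):
        roles = set(roles)
        for pair in self.exclusive:  # separation of duties check
            if pair <= roles:
                raise ValueError(f"separation of duties: {sorted(pair)} cannot be combined")
        self.users[username] = User(username, roles)

    def effective_permissions(self, username):
        # Least privilege: exactly the union of the user's roles' permissions.
        roles = self.users[username].roles
        return frozenset().union(*(self.roles[r] for r in roles))

    def login(self, username):
        user = self.users.get(username)
        if user is None or user.suspended:
            raise AccessDenied("account unknown or suspended")
        self._next_token += 1
        token = f"sess-{self._next_token}"
        self.sessions[token] = username
        return token

    def authorize(self, token, permission):
        username = self.sessions.get(token)
        if username is None:
            raise AccessDenied("no active session; log in again")
        if permission not in self.effective_permissions(username):
            del self.sessions[token]  # unauthorized attempt: terminate the session
            raise AccessDenied(f"{username} lacks {permission}; session terminated")
        return True

    def suspend(self, admin_token, username):
        self.authorize(admin_token, "user:suspend")  # the caller needs the right too
        self.users[username].suspended = True
        for tok in [t for t, u in self.sessions.items() if u == username]:
            del self.sessions[tok]  # a suspended user keeps no live session

    def is_active(self, token):
        return token in self.sessions


def denied(call, *args):
    # True if the RBAC rules reject the call.
    try:
        call(*args)
        return False
    except (AccessDenied, ValueError):
        return True


def run_scenario():
    """Constructed walkthrough of the rules above; returns the observed outcomes."""
    rbac = RBAC(
        roles={
            "bot_creator": {"bot:create", "bot:edit"},
            "bot_runner": {"bot:run"},
            "user_admin": {"user:create", "user:suspend"},
            "role_admin": {"role:create", "role:edit"},
        },
        exclusive_role_pairs=[("user_admin", "role_admin")],
    )
    rbac.add_user("alice", ["bot_creator", "bot_runner"])
    rbac.add_user("bob", ["bot_runner"])
    rbac.add_user("carol", ["user_admin"])
    out = {"alice_perms": sorted(rbac.effective_permissions("alice"))}
    alice = rbac.login("alice")
    out["alice_can_create"] = rbac.authorize(alice, "bot:create")
    out["alice_escalation_rejected"] = denied(rbac.authorize, alice, "user:suspend")
    out["alice_session_alive"] = rbac.is_active(alice)  # False: terminated above
    out["sod_violation_rejected"] = denied(rbac.add_user, "dave", ["user_admin", "role_admin"])
    bob, carol = rbac.login("bob"), rbac.login("carol")
    rbac.suspend(carol, "bob")
    out["bob_session_alive"] = rbac.is_active(bob)
    out["bob_relogin_rejected"] = denied(rbac.login, "bob")
    return out
```

Two design points carry over to a real deployment: the authorization check deletes the session before raising, so a failed escalation attempt cannot be retried on the same token, and suspension removes live sessions rather than only blocking the next login, otherwise a suspended user could keep working until their session expired.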

Administrator controls manage all security functions and are kept separate from non-security functionality, consistent with NIST SP 800-53 SC-3 (Security Function Isolation).

By default, the Control Room ships with segmented administrator roles, and a wide set of permissions is available for composing new roles.

Controls are implemented at the Control Room, Bot Creator, and Bot Runner layers to implement the NIST SP 800-53 Access Control (AC) and Configuration Management (CM) guidelines. The following technical controls ensure that access is governed according to the NIST least privilege principle.