RBAC for Credential Vault credentials management
- Updated: 2021/01/26
Credentials created in the Control Room are used across Bot Creators and Bot Runners.
These credentials are securely stored in the centralized Credential Vault to facilitate access control, and to divide in logical groups called lockers. These lockers enable complete separation between the credentials of one department from another.
Role-based permissions
Permissions for credential management-related roles include the following:
- Manage my credentials and lockers
- By default, all users can manage their own credentials and interact with the lockers to which they have permissions.
- Manage my lockers
- Allows the user to create and manage their own lockers.
- Administer ALL lockers
- User can do all the actions in the Admin row of the Locker permissions table below.
- Create standard attributes for a credential
- User can set an attribute value that remains the same for other users of that credential attribute.
Locker permissions
Locker permissions are set when a locker is created or
edited. A user can have the following permissions in a locker:
| View locker | Edit locker | Delete locker | Add participant/owner | Remove participant/owner | View credential | Assign credential | Remove credential | User-provided value | Standard value | |
|---|---|---|---|---|---|---|---|---|---|---|
| Consume | ✓ | ✓ | ||||||||
| Participate | ✓ | ✓ | ||||||||
| Manage | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Own | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |
| Admin | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |