RBAC for Credential Vault credentials management
Credentials created in the Control Room are used across Bot Creators and Bot Runners.
These credentials are securely stored in the centralized Credential Vault to facilitate access control, and to divide in logical groups called lockers. These lockers enable complete separation between the credentials of one department from another.
Role-based permissions
Permissions for credential management-related roles include the following:
- Manage my credentials and lockers
- By default, all users can manage their own credentials and interact with the lockers to which they have permissions.
- Administrar mis lockers
- Allows the user to create and manage their own lockers.
- Administer ALL lockers
- User can do all the actions in the Admin row of the Locker permissions table below.
- Crear atributos estándar para una credencial
- User can set an attribute value that remains the same for other users of that credential attribute.
Locker permissions
Locker permissions are set when a locker is created or edited. A user can have the following permissions in a locker:
| Ver casillero | Editar casillero | Eliminar casillero | Add participant/owner | Remove participant/owner | Ver credencial | Assign credential | Remove credential | User-provided value | Standard value | |
|---|---|---|---|---|---|---|---|---|---|---|
| Consume | ✓ | ✓ | ||||||||
| Participate | ✓ | ✓ | ||||||||
| Administrar | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ | |||
| Own | ✓ | ✓ | ✓ | ✓ | ✓ | ✓ |