RBAC in Control Room

Control Room implements least privilege and separation of duties through a configurable role-based access control (RBAC) capability that conforms to the requirements of NIST SP 800-53 controls AC-2 (Account Management), AC-3 (Access Enforcement), AC-5 (Separation of Duties), and AC-6 (Least Privilege).

All Control Room users are assigned one or more roles, and a user's access is determined by the permissions and usage conditions attached to each role the user is a member of. Authorized users can temporarily or permanently suspend other users when needed, and inactive accounts can be disabled. RBAC also enforces session handling to prevent unauthorized access: if a user attempts to view session details or reach a resource the user is not authorized for, the Control Room cluster blocks the attempt, immediately terminates that session, and prompts the user to log in again with valid credentials.
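The following is an added, generic RBAC model illustrating the behaviour described above; it is not Control Room's own code or API. The role names, permission strings and the separation-of-duties pairing are constructed for the example. It shows permissions resolved only through roles (least privilege), a role pair that no single user may hold (separation of duties), suspension dropping an account's live sessions, and an unauthorized access attempt terminating the caller's session so that a fresh login is required.

```python
"""Generic RBAC model (added example, not Control Room code).
Role and permission names below are hypothetical."""
from dataclasses import dataclass, field
import secrets


class AccessDenied(Exception):
    """Raised when an action is refused; the caller's session is already gone."""


@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset


@dataclass
class User:
    username: str
    roles: set = field(default_factory=set)
    suspended: bool = False   # set by an authorized admin, temporarily or permanently


class RBAC:
    def __init__(self, roles, sod_pairs):
        self.roles = {r.name: r for r in roles}
        # Separation of duties: no user may hold both roles of any listed pair.
        self.sod_pairs = {frozenset(p) for p in sod_pairs}
        self.users = {}
        self.sessions = {}    # session token -> username

    def add_user(self, username):
        self.users[username] = User(username)

    def assign_role(self, username, role_name):
        user = self.users[username]
        if role_name not in self.roles:
            raise KeyError(f"unknown role {role_name!r}")
        for held in user.roles:
            if frozenset((held, role_name)) in self.sod_pairs:
                raise ValueError(f"separation of duties: {username} holds {held!r} "
                                 f"and may not also hold {role_name!r}")
        user.roles.add(role_name)

    def effective_permissions(self, username):
        # Least privilege: permissions exist only through roles, never on the user directly.
        perms = set()
        for role_name in self.users[username].roles:
            perms |= self.roles[role_name].permissions
        return frozenset(perms)

    def login(self, username):
        user = self.users[username]
        if user.suspended:
            raise AccessDenied(f"{username} is suspended")
        token = secrets.token_urlsafe(32)
        self.sessions[token] = username
        return token

    def suspend(self, username):
        """Suspend the account and drop every live session it owns."""
        self.users[username].suspended = True
        for token in [t for t, u in self.sessions.items() if u == username]:
            del self.sessions[token]

    def authorize(self, token, permission):
        username = self.sessions.get(token)
        if username is None:
            raise AccessDenied("no valid session: log in with valid credentials")
        user = self.users[username]
        if user.suspended or permission not in self.effective_permissions(username):
            # Unauthorized attempt: terminate the session immediately so the
            # caller must re-authenticate before trying anything else.
            del self.sessions[token]
            raise AccessDenied(f"{username} may not {permission!r}; session terminated")
        return True


def build_demo():
    """Construct a small hypothetical policy and return the RBAC instance."""
    rbac = RBAC(
        roles=[
            Role("bot_creator", frozenset({"bot:create", "bot:edit", "bot:view"})),
            Role("bot_runner", frozenset({"bot:run", "bot:view"})),
            Role("user_admin", frozenset({"user:create", "user:suspend", "role:assign"})),
        ],
        # Constructed SoD rule: whoever builds a bot must not also be the one who runs it.
        sod_pairs=[("bot_creator", "bot_runner")],
    )
    for name, role in (("alice", "bot_creator"), ("bob", "bot_runner"), ("carol", "user_admin")):
        rbac.add_user(name)
        rbac.assign_role(name, role)
    return rbac


def run_demo():
    """Exercise each control and return the observed outcomes."""
    rbac, results = build_demo(), {}
    bob = rbac.login("bob")
    results["runner_can_run"] = rbac.authorize(bob, "bot:run")
    try:
        rbac.authorize(bob, "bot:create")          # outside bob's roles
    except AccessDenied:
        results["runner_create_denied"] = True
    results["session_terminated"] = bob not in rbac.sessions
    try:
        rbac.assign_role("alice", "bot_runner")    # violates the SoD pair
    except ValueError:
        results["sod_enforced"] = True
    alice = rbac.login("alice")
    rbac.suspend("alice")
    results["suspended_sessions_dropped"] = alice not in rbac.sessions
    try:
        rbac.login("alice")
    except AccessDenied:
        results["suspended_login_denied"] = True
    return results


if __name__ == "__main__":
    for check, outcome in run_demo().items():
        print(f"{check}: {outcome}")
```

Note the ordering in `authorize`: the session is discarded before the denial is raised, so a caller probing for permissions it lacks loses its session on the first failed attempt rather than being able to enumerate what it can and cannot reach.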

Security functions are managed only through administrator controls, consistent with NIST SP 800-53 SC-3 (Security Function Isolation).

The Control Room includes segmented administrator roles by default, and new roles can be created from a granular set of permissions.

Controls are implemented at the Control Room, Bot Creator, and Bot Runner layers in line with the NIST SP 800-53 Access Control (AC) and Configuration Management (CM) families. The following technical controls ensure that access is governed by least privilege.