RBAC Reference
RBAC policies are made up of three elements: actions, resources and effect. Each API endpoint involves one or more actions and can be performed on specific resources.
For example, the GET /agents endpoint is used to obtain the information of one or all agents. This endpoint applies the action agent:read on the resource agent:id or agent:group, for example agent:id:001 (agent 001) or agent:id:* (all agents). All the existing resources, the available actions and the endpoints affected by each one can be found in this reference page.
This reference also contains a set of default roles and policies that can be immediately used instead of having to create new ones.
Resources
*:*
Description: Reference resources that do not yet exist in the system (futures). Actions using these resources are called resourceless.
agent:group
Description: Reference agents via group name. This resource is disaggregated into the IDs of the agents belonging to the specified group.
Example: agent:group:web
Actions
In each action, the affected endpoints are specified along with the necessary resources, following this structure: <Method> <Endpoint> (<Resource>)
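As an added illustration (not code from the Wazuh project or from this reference), the following Python evaluator models how a request's action and resource can be checked against policies of the shape shown on this page: value wildcards such as agent:id:*, resources joined with & such as node:id:*&file:path:*, the resourceless *:*:*, and the disaggregation of agent:group:<name> into agent IDs. It generalizes the wildcard to any component of a resource; the matching rules, the group membership map and the policies are constructed assumptions.

```python
# Added illustrative evaluator for the policy structure described on this page
# (actions, resources, effect). Not Wazuh's own authorization code: the matching
# rules and the group membership map below are constructed assumptions.

# Constructed membership used to disaggregate agent:group:<name> into agent IDs.
GROUP_MEMBERS: dict[str, list[str]] = {"web": ["001", "002"], "db": ["003"]}

# Constructed policies in the same shape as the default policies on this page.
POLICIES = [
    {"actions": ["agent:read"], "resources": ["agent:group:web"], "effect": "allow"},
    {"actions": ["cluster:read_file"],
     "resources": ["node:id:master&file:path:*"], "effect": "allow"},
    {"actions": ["security:update"], "resources": ["*:*:*"], "effect": "allow"},
]

def expand(pattern: str) -> list[str]:
    """Disaggregate agent:group:<name> into that group's agent:id:<id> resources
    (agent:group:* into every known agent); the original pattern is kept as well."""
    if not pattern.startswith("agent:group:"):
        return [pattern]
    name = pattern[len("agent:group:"):]
    groups = GROUP_MEMBERS.values() if name == "*" else [GROUP_MEMBERS.get(name, [])]
    return [pattern] + [f"agent:id:{a}" for g in groups for a in g]

def one_matches(pattern: str, resource: str) -> bool:
    """Component-wise match of one <type>:<name>:<value> resource; '*' in a
    component matches anything (the page shows the value form, e.g. agent:id:*)."""
    p, r = pattern.split(":", 2), resource.split(":", 2)
    return len(p) == 3 and len(r) == 3 and all(a == "*" or a == b for a, b in zip(p, r))

def resource_matches(pattern: str, resource: str) -> bool:
    """'&' joins resources that must all match (node:id:*&file:path:*); '*:*:*'
    is treated as the resourceless wildcard matching any request (assumption)."""
    if pattern == "*:*:*":
        return True
    p, r = pattern.split("&"), resource.split("&")
    return len(p) == len(r) and all(one_matches(a, b) for a, b in zip(p, r))

def is_allowed(policies: list[dict], action: str, resource: str) -> bool:
    """Default deny: granted only by a policy listing the action, with effect
    allow, and at least one (expanded) resource pattern matching the request."""
    for pol in policies:
        if pol["effect"] != "allow" or action not in pol["actions"]:
            continue
        if any(resource_matches(e, resource)
               for pat in pol["resources"] for e in expand(pat)):
            return True
    return False
```

With these policies, agent:read on agent:id:001 is granted through the web group while agent:id:003 is not, and cluster:read_file succeeds only on node master.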
Agent
agent:modify_group
agent:read
Cluster
cluster:delete_file
DELETE /cluster/{node_id}/files (node:id:<node>&file:path:<file_path>)
cluster:read_file
GET /cluster/{node_id}/files (node:id:<node>&file:path:<file_path>)
Manager
manager:read
Security
security:delete
security:update
Syscollector
syscollector:read
GET /experimental/syscollector/hardware (agent:id, agent:group)
GET /experimental/syscollector/hotfixes (agent:id, agent:group)
GET /experimental/syscollector/netaddr (agent:id, agent:group)
GET /experimental/syscollector/netiface (agent:id, agent:group)
GET /experimental/syscollector/netproto (agent:id, agent:group)
GET /experimental/syscollector/packages (agent:id, agent:group)
GET /experimental/syscollector/ports (agent:id, agent:group)
GET /experimental/syscollector/processes (agent:id, agent:group)
GET /syscollector/{agent_id}/hardware (agent:id, agent:group)
GET /syscollector/{agent_id}/hotfixes (agent:id, agent:group)
GET /syscollector/{agent_id}/netaddr (agent:id, agent:group)
GET /syscollector/{agent_id}/netiface (agent:id, agent:group)
GET /syscollector/{agent_id}/netproto (agent:id, agent:group)
GET /syscollector/{agent_id}/packages (agent:id, agent:group)
GET /syscollector/{agent_id}/processes (agent:id, agent:group)
Default policies
agents_all
Grant full access to all agent-related functionalities.
- Actions
- Resources
agent:id:*
agent:group:*
group:id:*
*:*:*
- Effect
allow
agents_commands
Allow sending commands to agents.
- Actions
- Resources
agent:id:*
agent:group:*
- Effect
allow
agents_read
Grant read access to all agent-related functionalities.
- Actions
- Resources
agent:id:*
agent:group:*
group:id:*
- Effect
allow
ciscat_read
Allow reading an agent's ciscat results information.
- Actions
- Resources
agent:id:*
agent:group:*
- Effect
allow
cluster_all
Provide full access to all cluster/manager-related functionalities.
- Actions
- Resources
file:path:*
node:id:*
node:id:*&file:path:*
*:*:*
- Effect
allow
cluster_read
Provide read access to all cluster/manager-related functionalities.
- Actions
- Resources
file:path:*
node:id:*
node:id:*&file:path:*
*:*:*
- Effect
allow
decoders_read
Allow reading all decoder files in the system.
- Actions
- Resources
decoder:file:*
- Effect
allow
sca_read
Allow reading an agent's sca information.
- Actions
- Resources
agent:id:*
agent:group:*
- Effect
allow
security_all
Provide full access to all security-related functionalities.
- Actions
- Resources
role:id:*
policy:id:*
user:id:*
rule:id:*
*:*:*
- Effect
allow
users_all
Provide full access to all user-related functionalities.
- Actions
- Resources
user:id:*
*:*:*
- Effect
allow
syscheck_read
Allow reading syscheck information.
- Actions
- Resources
agent:id:*
agent:group:*
- Effect
allow
syscheck_all
Allow reading, running and clearing syscheck information.
- Actions
- Resources
agent:id:*
agent:group:*
- Effect
allow
Default roles
agents_admin
Agents administrator of the system; this role has full access to all agent-related functionalities.
- Policies
cluster_admin
Manager administrator of the system; this role has full access to all manager-related functionalities.
- Policies