August 15, 2019

Announcing Advanced Role Based Access Controls for Gremlin

Announcing Advanced Role Based Access Controls for Gremlin

Today we’re excited to release the advanced features we’ve added to Role Based Access Control, or RBAC, Gremlin’s user management system. These features allow our customers to manage Gremlin permissions in the same way that their internal organizations do.

With RBAC you can ensure that every Gremlin user at your company has the correct level of permissions for running attacks, managing users and teams, as well as configuring account settings. Permissions are assigned to roles that you can assign to users in order to establish a precise separation of duties.

Using RBAC

To use these new RBAC features, select Company Settings from the drop down menu at the top right.

Use the Users tab to invite users, view and edit a user’s roles, and view and edit a user’s team memberships.

Use the Teams tab to manage team configurations like client secrets and certificates, team members and roles, and the team’s API key.

New Roles

With the RBAC updates, we’ve made changes to our available roles. Here’s a list of the roles available and an overview of their permissions:

Company Role Auth Mgmt User Mgmt Team Mgmt Access Logs Integration Mgmt
Owner
Admin
Manger
Team Role Run Attacks User Mgmt Client Mgmt API key Mgmt Secrets/Certs
Manager
User

With these updates, Super Users have transitioned to the Company Owner role and Users to Team User roles.

For paid users, all company, team, and user roles are available. For Free users, the roles available are limited to Company Owner and Users.

For more information on roles go to our detailed help doc page.

API Updates

As part of these RBAC updates, API users can now create a session that works for any team they belong to, instead of managing sessions for every team. It also works for users that do not belong to any team. This is useful for creating a user that only has access to a Company Admin role for auditing purposes.

For more information you can visit our API docs to learn how to use this new session with our API.

Security is Always a First Class Citizen

At Gremlin, safety, security, and simplicity are our core product values. By adding more granular roles and permissions to RBAC, our customers with growing Chaos Engineering programs now have the ability to easily manage and audit access to Gremlin functionality, separating user, team, and account management for better safety and security in their Chaos Engineering programs.

For more information on each role, and RBAC in general, go to our help doc page on RBAC, or join the #support channel in the Chaos Community Slack for help.

Related

Avoid downtime. Use Gremlin to turn failure into resilience.

Gremlin empowers you to proactively root out failure before it causes downtime. Use Gremlin for Free and see how you can harness chaos to build resilient systems.

Use For Free