Introduction

RBAC (Roles-based access control) is a way to restrict access to certain functionality of your Chaos Engineering software. Here at Gremlin we recently released a new RBAC feature for Gremlin. RBAC is available for all Gremlin customers. Gremlin Pro customers will have more features and flexibility provided by RBAC. This enables you to ensure every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, as well as configuring account settings.

Prerequisites

Before you begin this tutorial, you’ll need the following:

• A Gremlin account (request a free trial here)

Step 1 - Creating a Team in Gremlin

In this step, you’ll create a new Team within Gremlin.

First, open Gremlin Company settings and ensure you have selected Gremlin Company Teams.

Next click Create Team.

Now you will be able to create your team. Choose a name, for example, the team name could be SRE.

Next, determine which members you would like to add to your team. Here I have selected to invite Ana and Rich to my SRE team:

Step 2 - View and Edit Member Roles in a Gremlin Team

In this step, you’ll edit the member roles for users in a Gremlin Team.

First, click on the three dots to the right of Ana’s name and then click Edit Roles.

Now we can view and Edit Team roles for Ana.

Ana is currently a team member she can create, run and halt attacks, templates, schedules and has the ability to access team API management. Ana can also read team users.

We could alter Ana’s role and elevate her permissions by making her a Team Manager. This would give her team user, client, integration and secret management. She would be able to add users to her company, read all users, read team users, add and remove users from her team, manage team user permissions and manage team credentials.

Step 3 - Use the Gremlin API to manage RBAC users, roles and permissions

In this step, you’ll explore how the Gremlin API can be used to automate the management of your RBAC for users, roles and permissions.

The Gremlin API docs are available to you within the Gremlin API here: https://app.gremlin.com/api.

You will find RBAC functionality under users, organizations (teams) and reports.security. The Security API is only possible to access by specific roles.

Conclusion

You've learned how RBAC (Roles-based access control) is a way to restrict access to certain functionality of your Chaos Engineering software. RBAC enables you to ensure every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, as well as configuring account settings. You can also create automated reports that you audit to ensure users and roles are consistently correct and meet your expectations.