Role-based access control (RBAC) is a way to restrict access to specific functionality of your Chaos Engineering software. Here at Gremlin we recently released an RBAC feature for Gremlin. RBAC is available to both Gremlin Free and Gremlin Pro customers; Gremlin Pro customers get more features and flexibility. RBAC lets you ensure that every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, and configuring account settings.
Before you begin this tutorial, you’ll need the following:
- A Gremlin Pro or Gremlin Free account (sign up here)
Gremlin Pro customers have more flexibility and options than Gremlin Free customers: RBAC for Gremlin Pro enables features such as a Team Manager role and more granular permissions.
In this step, you’ll create a new Team within Gremlin.
Next, click Create Team.
Now you can create your team. Choose a name; for example, the team name could be SRE.
Next, determine which members you would like to add to your team. Here I have chosen to invite Ana and Rich to my SRE team:
In this step, you’ll edit the member roles for users in a Gremlin Team.
First, click on the three dots to the right of Ana’s name and then click Edit Roles.
Now we can view and edit the Team roles for Ana.
Ana is currently a Team User: she can create, run and halt attacks, manage templates and schedules, and access team API management. Ana can also read team users.
We could alter Ana's role and elevate her permissions by making her a Team Manager. This grants team user, client, integration and secret management: she would be able to add users to her company, read all users, read team users, add and remove users from her team, manage team user permissions, and manage team credentials. Because a Team Manager can manage team credentials and add users, grant that role only to the people who actually administer the team.
In this step, you’ll explore how the Gremlin API can be used to automate the management of your RBAC for users, roles and permissions.
The Gremlin API docs are available within the Gremlin app at https://app.gremlin.com/api.
You will find RBAC functionality under users, organizations (teams) and reports.security. The Security API is only accessible to specific roles.
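The script below is an added example, not Gremlin's own code, showing the kind of automated role audit the API makes possible: it takes a team roster (fetched from the API, or the constructed sample embedded here), compares it with a desired-state policy, and reports drift such as an unexpected Team Manager or a member nobody approved. The endpoint path, the authorization header format, the JSON field names (`email`, `roles`), the permission labels and the user names are all assumptions for illustration; take the real request and response shapes from the API docs linked above and adjust `fetch_team_users()` accordingly. The permission sets encode the Team User and Team Manager capabilities described in the previous step.

```python
"""Audit a Gremlin team's roles against a desired-state policy.

Added example, not Gremlin's own code. The request path, the auth header
format and the JSON field names ("email", "roles") used below are
assumptions for illustration; take the real ones from the API docs at
https://app.gremlin.com/api and adjust fetch_team_users() accordingly.
"""
import json
import sys
import urllib.request

# Permission model as described in the tutorial: a Team User can create, run
# and halt attacks, manage templates and schedules, use team API management
# and read team users. A Team Manager has all of that plus user, client,
# integration and secret management. The permission strings are labels
# chosen for this example, not Gremlin identifiers.
TEAM_USER_PERMS = frozenset({
    "attacks:create", "attacks:run", "attacks:halt",
    "templates:manage", "schedules:manage",
    "team-api:manage", "team-users:read",
})
TEAM_MANAGER_PERMS = TEAM_USER_PERMS | {
    "company-users:add", "company-users:read",
    "team-users:add", "team-users:remove", "team-users:manage-permissions",
    "team-credentials:manage",
    "clients:manage", "integrations:manage", "secrets:manage",
}
ROLE_PERMS = {"Team User": TEAM_USER_PERMS, "Team Manager": TEAM_MANAGER_PERMS}

# Desired state for the SRE team: who should be on it and with which role.
DESIRED_ROLES = {
    "ana@example.com": "Team User",
    "rich@example.com": "Team User",
}

# Constructed sample roster standing in for the API response. Ana has been
# elevated to Team Manager and a contractor was added without approval.
SAMPLE_TEAM_USERS = [
    {"email": "ana@example.com", "roles": ["Team Manager"]},
    {"email": "rich@example.com", "roles": ["Team User"]},
    {"email": "contractor@example.com", "roles": ["Team User"]},
]


def fetch_team_users(base_url, team_id, api_key):
    """Fetch the live roster. Path and header scheme are placeholders (see module docstring)."""
    req = urllib.request.Request(
        f"{base_url}/teams/{team_id}/users",  # assumed path
        headers={"Authorization": f"Key {api_key}",  # assumed header format
                 "Accept": "application/json"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def effective_permissions(roles):
    """Union of the permissions granted by each role; unknown roles grant nothing."""
    return frozenset().union(*(ROLE_PERMS.get(r, frozenset()) for r in roles))


def audit_roles(actual_users, desired_roles):
    """Compare the live roster with desired_roles and return the findings."""
    actual = {u["email"]: list(u["roles"]) for u in actual_users}
    findings = {
        "unexpected_members": sorted(set(actual) - set(desired_roles)),
        "missing_members": sorted(set(desired_roles) - set(actual)),
        "role_drift": {},          # email -> (desired role, actual roles)
        "unknown_roles": {},       # email -> roles this script has no model for
        "credential_managers": [], # informational: who can manage team credentials
    }
    for email, desired in desired_roles.items():
        if email in actual and set(actual[email]) != {desired}:
            findings["role_drift"][email] = (desired, actual[email])
    for email, roles in actual.items():
        unknown = sorted(r for r in roles if r not in ROLE_PERMS)
        if unknown:
            findings["unknown_roles"][email] = unknown
        if "team-credentials:manage" in effective_permissions(roles):
            findings["credential_managers"].append(email)
    findings["credential_managers"].sort()
    return findings


def has_findings(findings):
    """True if any finding other than the informational credential_managers list is non-empty."""
    return any(v for k, v in findings.items() if k != "credential_managers")


if __name__ == "__main__":
    report = audit_roles(SAMPLE_TEAM_USERS, DESIRED_ROLES)
    print(json.dumps(report, indent=2))
    sys.exit(1 if has_findings(report) else 0)
```

Run on a schedule, a non-zero exit turns the audit into an alert: the sample roster produces a role drift finding for Ana (elevated to Team Manager) and an unexpected member finding for the contractor, while the credential_managers list tells you at a glance who currently holds the most sensitive capability.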
RBAC for Gremlin Free offers limited roles and permissions compared with Gremlin Pro. With Gremlin Free, team members can only have the role of Team User.
Two additional roles are available with Gremlin Free: Company Owner and Company User.
You've learned how role-based access control (RBAC) restricts access to specific functionality of your Chaos Engineering software. RBAC lets you ensure that every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, and configuring account settings. You can also create automated reports that you can audit to ensure users and roles remain correct and meet your expectations.