How RBAC can level up your Chaos Engineering

Introduction

RBAC (role-based access control) is a way to restrict access to specific functionality of your Chaos Engineering software. Here at Gremlin we recently released a new RBAC feature. RBAC is available for both Gremlin Free and Gremlin Pro customers; Gremlin Pro customers get more features and flexibility from it. RBAC lets you ensure every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, and configuring account settings.

Prerequisites

Before you begin this tutorial, you’ll need the following:

RBAC for Gremlin Pro Customers

Gremlin Pro customers will have more flexibility and options available than Gremlin Free customers. RBAC for Gremlin Pro enables features such as a Team Manager role and more granular permissions.

Step 1 - Creating a Team in Gremlin

In this step, you’ll create a new Team within Gremlin.

First, open Gremlin Company settings and ensure you have selected Gremlin Company Teams.

Next click Create Team.

[Screenshot: Create Gremlin team]

Now you can create your team. Choose a name; for example, the team could be named SRE.

[Screenshot: Name the team]

Next, decide which members you would like to add to your team. Here I have chosen to invite Ana and Rich to my SRE team:

[Screenshot: Add team members]

Step 2 - View and Edit Member Roles in a Gremlin Team

In this step, you’ll edit the member roles for users in a Gremlin Team.

First, click on the three dots to the right of Ana’s name and then click Edit Roles.

[Screenshot: View team]

Now we can view and edit team roles for Ana.

[Screenshot: Edit role]

Ana is currently a Team User: she can create, run and halt attacks, templates and schedules, and she has access to team API management. Ana can also read team users.

[Screenshot: Edit team member roles]

We could alter Ana's role and elevate her permissions by making her a Team Manager. This would give her team user, client, integration and secret management: she would be able to add users to her company, read all users, read team users, add and remove users from her team, manage team user permissions, and manage team credentials.

[Screenshot: Elevate permissions to Team Manager]

Step 3 - Use the Gremlin API to manage RBAC users, roles and permissions

In this step, you’ll explore how the Gremlin API can be used to automate the management of your RBAC for users, roles and permissions.

The Gremlin API docs are available here: https://app.gremlin.com/api.

You will find RBAC functionality under users, organizations (teams) and reports.security. The Security API can only be accessed by specific roles.
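Once role data can be pulled from the API, the useful automation is the audit the Conclusion mentions: compare the roles each team member actually holds against the roles you expect, and report every deviation. The script below is an added example, not Gremlin's code, and it does not call the Gremlin API. It audits a constructed JSON export whose shape (a team name plus a list of members with role names) is an assumption; the role names Team User and Team Manager are the ones this tutorial describes. Wire the real users/teams API response into `audit_team` once you have confirmed its actual schema in the API docs.

```python
"""Audit a team's RBAC role assignments against an expected policy.

Added example; the JSON layout and the email addresses are constructed,
not a real Gremlin API response.
"""
from __future__ import annotations

import json
from dataclasses import dataclass

# Role names as used in this tutorial.
TEAM_USER = "Team User"
TEAM_MANAGER = "Team Manager"

# Constructed sample export of one team's members and their roles.
SAMPLE_EXPORT = json.dumps({
    "team": "SRE",
    "members": [
        {"email": "ana@example.com", "roles": [TEAM_USER]},
        {"email": "rich@example.com", "roles": [TEAM_USER, TEAM_MANAGER]},
        {"email": "contractor@example.com", "roles": [TEAM_MANAGER]},
    ],
})


@dataclass(frozen=True)
class Finding:
    team: str
    email: str
    issue: str


def audit_team(export_json: str,
               expected_managers: set[str],
               approved_members: set[str]) -> list[Finding]:
    """Return one Finding per policy deviation in the team export.

    expected_managers: who should hold Team Manager (exactly these people).
    approved_members: everyone allowed to be on the team at all.
    """
    data = json.loads(export_json)
    team = data["team"]
    findings: list[Finding] = []
    seen_managers: set[str] = set()

    for member in data["members"]:
        email = member["email"]
        roles = set(member["roles"])
        if email not in approved_members:
            findings.append(Finding(team, email, "not in the approved member list"))
        if TEAM_MANAGER in roles:
            seen_managers.add(email)
            if email not in expected_managers:
                findings.append(Finding(team, email,
                                        "holds Team Manager but is not an approved manager"))

    # A manager who lost the role is also a deviation: nobody could then
    # manage credentials or membership for this team.
    for missing in sorted(expected_managers - seen_managers):
        findings.append(Finding(team, missing, "expected Team Manager role is missing"))
    return findings


def render_report(findings: list[Finding]) -> str:
    """Plain-text report suitable for a scheduled job's output or a ticket."""
    if not findings:
        return "OK: all role assignments match policy"
    lines = [f"{len(findings)} deviation(s) found:"]
    lines += [f"  [{f.team}] {f.email}: {f.issue}" for f in findings]
    return "\n".join(lines)


if __name__ == "__main__":
    policy_managers = {"rich@example.com"}
    policy_members = {"ana@example.com", "rich@example.com"}
    print(render_report(audit_team(SAMPLE_EXPORT, policy_managers, policy_members)))
```

Run on the sample, the report flags only the contractor account, twice: it is not on the approved member list and it holds Team Manager without approval. Keeping the expected managers and approved members in version control alongside this script turns the audit into a reviewable policy rather than a one-off check.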

RBAC for Gremlin Free Customers

RBAC for Gremlin Free offers a limited set of roles and permissions compared with Gremlin Pro. You will notice that with Gremlin Free, team members can only hold the role of Team User.

[Screenshot: Gremlin Free team users]

Two additional roles are available with Gremlin Free: Company Owner and Company User.

[Screenshot: Gremlin Free company user roles]

Conclusion

You've learned how RBAC (role-based access control) restricts access to specific functionality of your Chaos Engineering software. RBAC lets you ensure every Chaos Engineering practitioner at your company has the correct level of permissions for running attacks, managing users and teams, and configuring account settings. You can also create automated reports that you audit to ensure users and roles remain correct and meet your expectations.
