Role-Based Access Control
Role-Based Access Control (RBAC) is a platform-wide feature that determines what features and content users can access when interacting with Riverbed Console. Roles are assigned through the User Management page and map to specific sets of permissions that control access to functionality across different modules and features.
When the user logs in, the system evaluates all roles assigned to the user's account, determines all permissions from those roles, and then dynamically filters the UI based on those permissions. RBAC ensures that users see, or have access to, only the content and features they are authorized to use, creating a streamlined and secure user experience.
How RBAC Controls UI Content Visibility
The RBAC system uses a granular permission-based approach where each role is mapped to specific permissions. These permissions determine what actions the user can perform and what content is visible in the user interface.
Permission Categories
Each role contains a set of permissions that control different aspects of the interface:
- UI Elements: Which buttons, menus, and controls appear in the interface. Action buttons are enabled or disabled based on the specific permissions required for each action.
- Data Access: Which information is visible to the user. Search functionality requires appropriate search permissions.
- Feature Availability: Page tabs and sections are shown or hidden based on read permissions for each area. If the user lacks the required read permissions for a section, that section is not displayed. Pages the user cannot access at all show an "Access Denied" message.
- Settings Access: Which configuration options can be viewed or modified. View-only access requires read permissions, while modification requires update permissions.
How Permissions Are Evaluated
The system checks permissions at multiple levels:
- Page-Level Access: When the user navigates to a page, the system checks if the user has the minimum required permissions. If the user lacks access to the entire page, they will see an "Access Denied" dialog.
- Tab-Level Visibility: Within pages that have multiple tabs, each tab is displayed only if the user has the corresponding read permission.
- Action-Level Control: Individual buttons and actions are enabled or disabled based on the specific permissions required.
- Data-Level Filtering: The data the user can view is filtered based on the user's read permissions.
Available Roles
The system includes several predefined roles that can be assigned to users:
- Platform Admin: Full administrative access to all system features and settings.
- Platform Write: Can create, modify, and manage content and configurations, but cannot access administrative functions.
- Platform Read: Read-only access to view content and information. Cannot create, modify, or delete any content or settings.
In addition to these general roles, module-specific roles are available for features like the Packet Capture Module (PCM). For information about PCM-specific roles, see PCM Role-Based Access Control.
For detailed information about role capabilities and access levels, see User Role Definitions.
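The following sketch is an added example, not code from Riverbed or from this documentation. It models the evaluation described above: permissions are merged across all assigned roles, then checked at the page, tab, action and data levels. The permission strings, page definition and rows are hypothetical; only the three role names come from this page.

```python
# Added illustration. Permission strings, page layout and rows are hypothetical,
# not Riverbed Console identifiers; only the three role names come from the page.
ROLE_PERMISSIONS = {
    "Platform Read": {"reports:read", "settings:read"},
    "Platform Write": {"reports:read", "reports:update",
                       "settings:read", "settings:update"},
    "Platform Admin": {"reports:read", "reports:update", "settings:read",
                       "settings:update", "users:read", "users:update"},
}

# Constructed page definition: each tab, action and row names the permission it needs.
SETTINGS_PAGE = {
    "page_any_of": {"settings:read", "users:read"},  # minimum needed to open the page
    "tabs": {"General": "settings:read", "Users": "users:read"},
    "actions": {"Save": "settings:update", "Add User": "users:update"},
    "rows": [("timezone", "settings:read"), ("admin-accounts", "users:read")],
}


def effective_permissions(roles):
    """Union of the permissions of every assigned role; unknown roles grant nothing."""
    perms = set()
    for role in roles:
        perms |= ROLE_PERMISSIONS.get(role, set())
    return perms


def render(page, roles):
    """Apply the page, tab, action and data checks in that order, denying by default."""
    perms = effective_permissions(roles)
    if not (page["page_any_of"] & perms):
        return {"access": "Access Denied"}
    return {
        "access": "granted",
        "tabs": [t for t, need in page["tabs"].items() if need in perms],
        "actions": {a: (need in perms) for a, need in page["actions"].items()},
        "rows": [name for name, need in page["rows"] if need in perms],
    }


if __name__ == "__main__":
    for roles in (["Platform Read"], ["Platform Read", "Platform Write"], ["Unknown"]):
        print(roles, render(SETTINGS_PAGE, roles))
```

A useful audit check with a model like this is to confirm that a user with no roles, or with a role name the table does not know, ends up at "Access Denied" and never at a partially rendered page.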