NEW! Role-Based Access Control in ControlUp Edge DX

Within an organization, different employees have different roles and responsibilities, and the tools they use need to reflect this. In support of this need, ControlUp Edge DX now has a finer-grained access control mechanism—Role-Based Access Control (RBAC)—that allows you to give your employees the exact permissions they need to do their jobs… and only those they need.

Do you need to give your first-level support teams the ability to view metrics on your users’ endpoint devices, so they can help verify productivity issues that remote workers are having? You can now create a role that allows that! Do you want to give your second- and third-level support engineers the ability to remotely interact with the console of a user’s endpoint device and then run a script to correct issues that they find? You can set up a couple of roles that allow it! You can even set up a role that allows managers to run reports—such as the battery lifespan—on the laptops in an organization.

Introducing Role-Based Access Control in ControlUp Edge DX

Role-Based Access Control in ControlUp Edge DX









The point of role-based access control is that we need to give our teams the exact permissions they need to complete their tasks and no more. The key word in role-based access control (RBAC) is “role.” Using roles, you can assign users—or groups of users—to a role that grants them only the permissions that they need to do their jobs. Since users are not assigned permissions directly, but through the role assigned to them, the management of individual user rights becomes a matter of simply assigning users the appropriate roles. 

Take a look at the image below. It’s a greatly simplified schematic of a RBAC scheme that maps the permissions the users in this hypothetical organization have via the role that they are assigned.

Schematic of RBAC scheme

Below, I will show you some of the built-in roles that Edge DX comes equipped with and then how easy it is to create new roles and assign users to them.

To see the existing roles in Edge DX or to create a new role select Access Control from the Configuration drop-down menu. 

ControlUp Edge DX Configuration Drop-Down Menu

By selecting the Users tab, you can see your existing users or add new ones. These can be placed in any one of your existing roles, or a new role can be created and given the exact properties needed by its users. 

Before we create a new role, let’s look at the built-in roles by selecting the Roles tab.

View built-in roles by selecting the Roles tab

By selecting the Full control role and expanding the permissions tree, you can see that the users with this role have full access to everything in Edge DX. 

RBAC Permissions Tree in ControlUp Edge DX

Obviously, we don’t want all our users to have all permissions, so another built-in role is the Viewer role that only has permissions to view events and run reports.

"Viewer" role as seen in RBAC in ControlUp Edge DX

Although these two built-in roles are useful, the reality is that an organization is far more complicated than that so let me show you how easy it is to set up a role that will only give first line support the ability to remotely view a user’s console and reboot a system. 

To create this role select Create New Role, enter a name for the role (i.e., FirstLevelSupport) in the Name text box. Under Permissions expand Device Actions and select Remote Shadow and Power Actions and then click Save Role. That’s all it takes to create a new role!

Create a new role with RBAC in ControlUp Edge DX

It’s just as easy to assign a user to your roles. This is done by selecting the Users tab, then selecting a user, selecting the role that you want them to have from the Role drop-down menu, and then clicking Change Role. 

Edit user role using RBAC in ControlUp Edge DX

That’s all there is to it! The next time the user logs on or refreshes their Edge DX dashboard, they will have the permissions described by that role.

To see how these roles limit a user’s access, let’s look at what options are shown in Edge DX by looking at a user that has been assigned the Full Control role and then a user that has been assigned a first level support role.

In the Assist drop-down menu, we see that a user with a Full Control role is presented with the different mechanisms that Edge DX allows a user to interact with a device, including interacting with the console directly using Remote Control or running commands on the user system by selecting Remote Shell.

Assist menu in ControlUp Edge DX

A user with a first-level support role only is presented with the power options and in the Assist drop-down menu, they are limited to the Remote Shadow option, which will let them view a user session, but not interact with it directly. 

First-level support role in Control Up Edge DX

Since Edge DX is a SaaS offering, it is maintained and updated by ControlUp, so these new RBAC features are now available on your dashboard under the Access Control option in your configuration drop-down menu.

In less than a dozen clicks, you will be able to new create roles and assign users to them, which is amazing, but what is even more amazing is that, by doing so, you will greatly enhanced the security of your organization by giving your users only the permissions they need to complete the tasks they need to do to assist your workers. 

If you are not currently using Edge DX and would like to see how it improves the digital experience of your users, schedule a demo and get started today!


About the author

Tom Fenton

Tom Fenton is a Technical Marketing manager here at ControlUp (in addition to an all-around great guy). He’s THE subject matter expert for Edge DX, our physical endpoint monitoring solution, as well as an expert in all things VMware (FACT: he used to work at VMware, teaching their employees about their technology). He creates valuable, educational content for the ControlUp blog, leads deep-dive webinars, and educates our sales teams and other IT professionals with tips and tricks about how to use ControlUp solutions. In his spare time, he writes for and Virtualization Review magazine, and enjoys outdoor sports in the Pacific Northwest. Connect with him on Twitter @vDoppler.