Role‑Based Access Control (RBAC)

DefensX’s management portal provides a role‑based access control (RBAC) system at two levels: partner (dealer) level and customer level. RBAC ensures that administrators have only the permissions required for their role and that policy changes are applied to the correct set of users.

1. Overview of RBAC structure

On the DefensX backend, RBAC is enforced by creating Admin Teams and grouping admins into them. As a result, some admins are Global Partner Admins while others are Limited Admins.

  • Global Partner Admin – a special administrator type with full control over all customers under a partner account. Partner admins can create other admins, manage teams, customers, global tools, billing, integrations, and more.

  • Limited Admin – an administrator with limited permissions, usually scoped to a particular customer or a set of customers. Limited admins can manage policies and users within their assigned customer(s) but cannot access partner‑wide billing or global settings.

  • Admin Teams – collections of admins. A team places a group of admins in a limited scope, restricting their access to certain customers or certain backend services.

2. Partner Level RBAC

At the partner level, RBAC is implemented by creating admin users, grouping them into teams, and assigning rights to access different partner functionalities and customers. Under Global Tools, the Admin Users & Teams menu includes two tabs for listing and managing admins and teams.

Admin Users & Teams

The Team Management tab displays administrator teams. Teams allow global partner admins to organize administrators (for example, by customer or function). To create a team, there must be at least two admin accounts; otherwise, an error message indicates that more than one admin is required. When available, clicking New Team opens a form to name the team and select which rights the admins in this team will have. Teams simplify permissions management by allowing partner admins to grant or revoke access to entire groups of administrators.

Click New Team to create a team.

Partner actions can be hidden from the admins in a team by selecting No Permission. Read Only access lets them view the settings but not edit them, while Read & Write gives complete control over these actions. In the same way, No Permission on Customer Access hides that customer from the admins in this team. Read Only lets them view those customers but nothing more, while Read & Write makes those admins the partner admin for those customers.

Add admin users to the team from the Member section which you can access through the menu of that team or by clicking the number on the Members column where teams are listed.
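
The three permission levels and team membership described above can be modelled for an access review. The following is an added example, not DefensX code or a DefensX API: the data layout, the team, admin and customer names, and the two rules marked as assumptions in the comments are illustrative only.

```python
from enum import IntEnum

class Level(IntEnum):
    NO_PERMISSION = 0  # hidden from the team's admins
    READ_ONLY = 1      # settings can be viewed, not edited
    READ_WRITE = 2     # complete control

# Constructed sample data: team, admin and customer names are hypothetical.
TEAMS = {
    "helpdesk": {
        "members": {"alice@example.com", "bob@example.com"},
        "customers": {"acme": Level.READ_ONLY, "globex": Level.NO_PERMISSION},
    },
    "acme-ops": {
        "members": {"bob@example.com", "carol@example.com"},
        "customers": {"acme": Level.READ_WRITE},
    },
}

def worst_case_access(teams):
    """Map admin -> customer -> most permissive level any of their teams grants.
    Assumption: the page does not say how overlapping teams are resolved, so the
    review takes the highest grant as the worst case."""
    access = {}
    for team in teams.values():
        for admin in team["members"]:
            per_admin = access.setdefault(admin, {})
            for customer, level in team["customers"].items():
                current = per_admin.get(customer, Level.NO_PERMISSION)
                per_admin[customer] = max(current, level)
    return access

def can(access, admin, customer, write=False):
    """True if admin may view (write=False) or edit (write=True) the customer.
    Assumption: a customer no team lists is treated as No Permission."""
    level = access.get(admin, {}).get(customer, Level.NO_PERMISSION)
    return level >= (Level.READ_WRITE if write else Level.READ_ONLY)

def review(teams):
    """Return (admin, customer) pairs with Read & Write, and admins in >1 team."""
    access = worst_case_access(teams)
    writers = sorted((a, c) for a, per in access.items()
                     for c, lvl in per.items() if lvl == Level.READ_WRITE)
    membership = {}
    for name, team in teams.items():
        for admin in team["members"]:
            membership.setdefault(admin, []).append(name)
    overlaps = {a: sorted(t) for a, t in membership.items() if len(t) > 1}
    return writers, overlaps
```

Running `review(TEAMS)` on the sample data lists the admins who would hold Read & Write on a customer and the admins who sit in more than one team, which are the two things to check first when auditing team definitions for least privilege.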

3. Customer‑level RBAC

When a partner admin switches into a specific customer, a different RBAC layer governs that customer’s environment.

Admin privileges at the customer level can be assigned per user via the Admin column on the Users menu. Users marked as Admin can manage policies and users for that customer but do not have partner‑wide access. There is also a separate Admin Users & Teams menu at the customer level, which can be used to create multiple teams for the customer’s internal use. The permission levels are:

  • No Access – only Dashboard visibility, without access to any configuration settings, including policies, users, etc.

  • Read Only – all settings can be accessed without any edit permission.

  • Read & Write – complete control over the customer.