How Cerby manages roles

This article describes the existing roles in Cerby under the RBAC system and how they are managed.

Written by Cerby Team
Updated over a week ago

At Cerby, we have implemented roles to determine the tasks, functions, or activities each user can or cannot do on our platform.

These roles consist of sets of permissions that are part of a role-based access control (RBAC) system designed to maintain data security, streamline access management, enhance collaboration, comply with regulations, and ensure that sensitive information is protected.

The advantage of using role-based access management is that, after logging in to a Cerby workspace, users are automatically granted permissions depending on their role.

Cerby manages roles at a workspace and item level. Only administrators grant workspace-level roles, whereas any user can grant item-level roles when sharing their items.

This article contains the following sections to describe how Cerby manages roles and the benefits of using the RBAC system:

  • Workspace-level roles

  • Item-level roles

  • Benefits of RBAC


Workspace-level roles

Workspace-level roles determine the features of the Cerby platform available to the users, their access privileges, and their responsibilities. The actions users can perform within a workspace according to their role can be categorized as follows:

  • Workspace setup

  • Workspace management

  • User management

  • Security hygiene tasks

  • Item management

The following sections describe the actions for each category.

Workspace setup

Table 1 shows the specific actions users can perform to set up a workspace depending on their role.

Action

Guest user

User

Admin

Super Admin

Owner

Perform the initial workspace setup from an invite.

Yes

Set up single sign-on (SSO) and user provisioning with their identity provider (IdP).

Yes*

Yes*

Yes

Access and edit the workspace configuration.

Yes

Yes

Yes

* Read-only permissions

Table 1. Workspace setup actions

Workspace management

Table 2 shows the specific actions users can perform to manage a workspace depending on their role.

Action

Guest user

User

Admin

Super Admin

Owner

View the following events within the workspace and for all users through the Activity view:

  • New users

  • Role changes

  • Removed users

  • New items

  • Item reassignments

  • Deleted items

Yes

Yes

Yes

View the events for the items of which they are Owners through the Activity view.

Yes

Yes

Yes

Yes

View the billable accounts through the Billing view.

Yes

Yes

Yes

View all automation notifications through the Automation view.

Yes

Table 2. Workspace management actions

User management

Table 3 shows the specific actions users can perform to manage other users depending on their role.

Action

Guest user

User

Admin

Super Admin

Owner

Assign the Cerby product available to users through the Teams view.

Yes

Yes

Yes

Assign or change the workspace role of other users.

Yes

Yes

Yes

Access the All Members view.

Yes

Yes

Yes

Yes

View all users from their organization through the All Members view.

Yes

Yes

Export a report of users and their accounts through the All Members view.

Yes

Yes

View and add Guest users.

Yes

Yes

Yes

Yes

Create a self-managed team.

Yes

Yes

Yes

Yes

Delete any team.

Yes

Manage Team Members on all teams.

Yes

Yes

Assign Team Admins for all teams.

Yes

Yes

Yes

View all teams and Team Members within a workspace.

Yes

Yes

Yes

View the teams to which they have been assigned and the Team Members.

Yes

Yes

Yes

Yes

Yes

Add a partner and establish a connection with a guest workspace.

Yes

Yes

Yes

Yes

Approve a partner request in the host workspace.

Yes

Yes

Yes

Accept a partner request in the guest workspace.

Yes

Yes

Yes

Perform the following user management actions in local user workspaces:

  • Add new users.

  • Change the workspace-level role of other users.

  • Reset two-factor authentication (2FA).

  • Force password reset.

  • Remove users from the workspace.

Yes

Yes

Yes

Invite guest users to join Cerby through the All Members view or the Password Manager Importer.

Yes

Yes

Yes

Yes

Table 3. User management actions

Security hygiene tasks

Table 4 shows the specific security hygiene tasks users can perform depending on their role.

Action

Guest user

User

Admin

Super Admin

Owner

Automate 2FA enrollment for all Cerby-managed accounts through the Policies view.

Yes

Yes

Yes

Automate password rotation for all Cerby-managed accounts through the Policies view.

Yes

Yes

Yes

Table 4. Security hygiene tasks

NOTE: Currently, these actions are only available to Cerby Automate users.

Item management

Table 5 shows the specific actions users can perform to manage items depending on their role.

Action

Guest user

User

Admin

Super Admin

Owner

Access the Cerby dashboard.

Yes

Yes

Yes

Yes

Yes

Transfer items to Cerby through the Password Manager Importer.

Yes

Yes

Yes

Yes

Add an item to Cerby (account, secret, or collection).

Yes

Yes

Yes

Yes

Share an item of which they are Owners and assign the item role to other users (read the Item-level roles section).

Yes

Yes

Yes

Yes

Turn on All-Access Mode to view all accounts for recovery purposes.

Yes

Yes

View all the items shared with all teams.

Yes

Yes

Table 5. Item management actions


Item-level roles

Item-level roles determine the actions users can perform on items, and they can be categorized as follows according to the item type:

  • Accounts

  • Secrets

  • Collections

The following sections describe the actions for each item type.

Accounts

Table 6 shows the actions users can perform on accounts depending on their role.

Action

Collaborator

Owner

Log in to the accounts.

Yes

Yes

Manage shared access to accounts:

  • See the users with shared access to an account.

  • Share accounts with other users.

  • Remove Collaborators from accounts.

  • Change the role of other users on an account.

  • Edit the account details.

Yes

Manage the account security by turning on 2FA or rotating passwords automatically from Cerby.

Yes

Yes

Yes

See the account details.

Yes

Yes

See the password of an account.

Yes

Copy the password of an account.

Yes

Yes

See the users and teams with shared access to an account.

Yes

Delete accounts.

Yes

Table 6. Actions on accounts

Secrets

Table 7 shows the actions users can perform on secrets depending on their role.

Action

Collaborator

Owner

View the content of a secret.

Yes

Yes

Edit the details of a secret (name, body, and attachments).

Yes

View the users and teams with shared access to a secret.

Yes

Table 7. Actions on secrets

Collections

Table 8 shows the actions users can perform on collections depending on their role.

Action

Collaborator

Owner

View the accounts and secrets within a collection.

Yes

Yes

View the collection details.

Yes

Edit the collection details.

Yes

View the users and teams with shared access to a collection.

Yes

Table 8. Actions on collections


Benefits of RBAC

The following are the benefits of using the RBAC system in Cerby:

  • Enhanced security: Access to sensitive data and features is restricted. Only users with specific roles can perform critical actions, reducing the risk of unauthorized access and data breaches.

  • Access control: Fine-grained control over what users can and cannot do. Administrators can assign roles and permissions according to each user's job responsibilities.

  • Compliance and auditing: Organizations can implement access controls and audit trails, which are essential for demonstrating data security and compliance with industry and legal standards.

  • Streamlined onboarding and offboarding: New employees can be quickly assigned the appropriate roles and permissions while departing employees can have their access revoked just as easily.

  • Efficient collaboration: Users have the necessary access to work together effectively. RBAC allows organizations to balance the need for collaboration with the need for data security.

  • Resource management: RBAC assists in optimizing resource allocation. It ensures that resources are used efficiently and that access to costly or limited resources is restricted to only those who require them.

  • Transparency: RBAC offers transparency in access control, making it clear who has access to what resources and why. This transparency can foster trust and accountability within an organization.
