Configuring Role Based Access Control

RunReveal supports Role Based Access Control for subjects accessing resources in your workspace.

We have configured a set of default roles to simplify the management of permissions assignment to users through those roles.

Each resource has 3 permissions defined: Read, Edit and Delete. Read allows read-only access to the class of resources including listing the instances of that resource. Edit allows for creation and updating that resources attributes and metadata. Deletion is required to remove a resource record from the database.

The following roles have been defined for workspaces: admin, analyst, operator and cibot. Below you will see their permissions enumerated.

Permission	Description	Admin	Analyst	Operator	CIBot
Read Workspaces	Read and List Source Configs	✅	✅	✅
Edit Workspaces	Create and Update Workspace configuration	✅
Delete Workspaces	Delete Workspaces	✅
Read Sources	Read and List Source Configs	✅	✅	✅
Edit Sources	Create and Update Source Configs	✅
Delete Sources	Delete Source Configs	✅
Read Destinations	Read and List Destination Configs	✅		✅
Edit Destinations	Create and Update Destination Configs	✅
Delete Destinations	Delete Destination Configs	✅
Read Queries	Read and List Named Queries and Detections	✅	✅	✅	✅
Edit Queries	Create and Edit Named Queries and Detections	✅	✅	✅	✅
Delete Queries	Delete Named Queries and Detections	✅		✅	✅
Read Reports	Read and List Reports	✅	✅	✅
Edit Reports	Create and Update Report Configs	✅		✅
Delete Reports	Delete Report Configs	✅
Read Analytics	Read and List Analytics Views	✅	✅	✅
Edit Analytics	Create and Update Analytics Configs	✅		✅
Delete Analytics	Delete Analytics Configs	✅
Read Notifications	Read and List Notification Channels	✅	✅	✅
Edit Notifications	Create and Update Notification Channels	✅
Delete Notifications	Delete Notification Channels	✅
Read Topics	Read and List Topics for Pipelines	✅	✅	✅
Edit Topics	Create, Edit and Delete Pipelines Topics	✅		✅

Using the CLI Model Context Protocol