Humanitec allows developers to get their everyday DevOps tasks completed without support from the DevOps team. We know that controlling access and permissions is a crucial aspect of an Internal Developer Platform. Today, we’re excited to announce that we are making Role-Based Access Control generally available on Humanitec. This allows Operations teams and Managers to control access to certain information and actions (such as deployments to production).
Role-based access control for greater productivity and security in your team
Role-based access control (RBAC) is a way of managing authorization. In RBAC, permissions are grouped into roles, and roles are assigned to users according to their job or function within an organization. This makes permissions easier to manage because you reason about the job a user does rather than about the exact set of permissions each person needs on a case-by-case basis.
Why is this important?
Giving every user on your team full access to every function of an application is both a maintenance burden and a security risk. In the worst case it leaves you exposed to a malicious or compromised account; more commonly it means people can accidentally change things they should not be touching. Say you want to give a third party such as a contractor or consultant access to your application. With RBAC you can assign them a role on a single application in your organization, limiting their reach to exactly what they are supposed to work on.
RBAC also reduces the impact of user error. By assigning each user the role that matches their position and function, you limit the "blast radius" of accidental or unintended changes, which gives production infrastructure and services a measure of protection.
Okay now, how does it work in Humanitec?
In Humanitec, RBAC lets developers in your team, or from across your organization, collaborate on delivering software while each of them holds only the access their role needs. Roles are assigned at three levels: Organization, Application and Environment Type. A user's effective permissions come from the combination of the roles they hold at each level.
1) Organization level roles in Humanitec
Organization roles cover permissions that affect the entire organization in Humanitec. This includes user management, API tokens, images, resources, and apps. Organization roles can be assigned and managed in the settings of each organization. There are three different ‘Organization Roles’ a user can have: Member, Manager and Administrator.
- Member: Can access applications they have a role for.
- Manager: Same as the Member Role. In addition, can invite and remove users from the organization in Humanitec, issue API tokens, and create applications.
- Administrator: Has full access to everything within the organization in Humanitec.
2) Application level roles in Humanitec
Application roles cover permissions that affect a specific app and can be configured in the settings of each application. Users can be assigned the Viewer, Developer or Owner Role.
- Viewer: Has read-only access to the app.
- Developer: Can update configuration, shared values and secrets, and create environments (for environment types on which they also hold the Deployer role, see below).
- Owner: Same as the Developer Role, but can additionally configure webhooks, invite and remove users from the app, and delete the app.
3) Environment types roles in Humanitec
Users can be assigned the Deployer Role for an environment type in the settings of each organization.
- Deployer: Grants, for one environment type, the ability to create, deploy to and delete environments of that type. It only takes effect on apps where the user also holds the Developer or Owner role; on its own, or combined with a Viewer role, it grants nothing.
When planning your RBAC strategy it is best practice to follow the Principle of Least Privilege (POLP): any user of a system should hold only the minimum set of permissions necessary to get their job done. In Humanitec terms, that usually means Member at the organization level, Viewer or Developer on the apps a person actually works on, and the Deployer role only for the environment types they really need to deploy to.
What is now possible?
Let’s look at examples of how RBAC can be applied in Humanitec for different use cases.
- Only authorized users can affect production: It is crucial to be able to limit the number of users who may deploy to a live production environment. RBAC makes this flexible and straightforward: the Deployer role for the production environment type can be granted and revoked as an employee's responsibilities change. For example, when engineers go on-call, they can be granted the Deployer role for production for the duration of their shift and have it revoked when the shift ends.
- Everything is visible, only some is editable: Assigning Viewer roles broadly on applications lets an organization run an "open" setup where teams can easily see what other teams are working on. This comes in handy when onboarding new team members: with viewer-only rights they can explore the entire production landscape while being granted edit access only to a test application set up for onboarding purposes.
- Only access the applications relevant to you: In certain cases, it is important that teams only see the applications they are working on. This is especially useful when working on private side projects that should only be accessible by a strictly defined set of users. By limiting the scope of access rights, the project owner can ensure that the project is only seen by its collaborators.
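To make the composition of the three role levels concrete, here is an added example that models the role scheme described above (Organization, Application and Environment Type roles) together with the on-call scenario from the use cases. It is illustrative Python written for this post, not Humanitec's own code or API; the action names, the `User` structure and the time-boxed Deployer grant are assumptions made for the example.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Dict, Optional

# Actions grouped by the level at which the post says they are controlled.
# The action names are assumptions for this example, not Humanitec identifiers.
ORG_ACTIONS = {"invite_user", "remove_user", "issue_api_token", "create_app"}
APP_VIEW_ACTIONS = {"view_app"}
APP_DEV_ACTIONS = {"update_config", "update_shared_values", "update_secrets"}
APP_OWNER_ACTIONS = {"configure_webhooks", "manage_app_users", "delete_app"}
# Need Developer/Owner on the app AND Deployer on the environment type.
ENV_ACTIONS = {"create_env", "deploy", "delete_env"}


@dataclass
class User:
    name: str
    org_role: str                                           # "Member", "Manager" or "Administrator"
    app_roles: Dict[str, str] = field(default_factory=dict)  # app -> "Viewer" | "Developer" | "Owner"
    # env type -> expiry of the Deployer grant (None = no expiry). Key present == Deployer held.
    deployer_until: Dict[str, Optional[datetime]] = field(default_factory=dict)


def grant_deployer(user: User, env_type: str, until: Optional[datetime] = None) -> None:
    """Assign Deployer for an environment type, optionally time-boxed (e.g. an on-call shift)."""
    user.deployer_until[env_type] = until


def revoke_deployer(user: User, env_type: str) -> None:
    user.deployer_until.pop(env_type, None)


def is_allowed(user: User, action: str, app: Optional[str] = None,
               env_type: Optional[str] = None, now: Optional[datetime] = None) -> bool:
    """Decide whether `user` may perform `action`, composing the three role levels."""
    now = now or datetime.now(timezone.utc)

    # Administrator: full access to everything within the organization.
    if user.org_role == "Administrator":
        return True

    # Organization-level actions: Managers only (Administrators handled above).
    if action in ORG_ACTIONS:
        return user.org_role == "Manager"

    # Everything else is scoped to an app; users only reach apps they hold a role on.
    app_role = user.app_roles.get(app) if app else None
    if app_role is None:
        return False

    if action in APP_VIEW_ACTIONS:
        return True                                  # Viewer, Developer and Owner can all read
    if action in APP_DEV_ACTIONS:
        return app_role in ("Developer", "Owner")
    if action in APP_OWNER_ACTIONS:
        return app_role == "Owner"

    if action in ENV_ACTIONS:
        # Deployer is only effective together with Developer or Owner on the app.
        if app_role not in ("Developer", "Owner"):
            return False
        if env_type not in user.deployer_until:
            return False
        expiry = user.deployer_until[env_type]
        return expiry is None or now < expiry        # expired on-call grant no longer counts

    return False                                     # unknown action: deny by default


def demo() -> Dict[str, bool]:
    """Scenarios from the post, evaluated at a fixed instant so the result is deterministic."""
    t0 = datetime(2021, 1, 1, 9, 0, tzinfo=timezone.utc)          # constructed timestamp
    dev = User("dev", "Member", {"shop": "Developer"})
    grant_deployer(dev, "development")                            # standing grant
    grant_deployer(dev, "production", until=t0 + timedelta(hours=8))  # 8-hour on-call shift
    newcomer = User("newcomer", "Member", {"shop": "Viewer", "onboarding": "Developer"})
    grant_deployer(newcomer, "production")                        # Deployer alone is not enough
    return {
        "dev_deploys_to_development": is_allowed(dev, "deploy", "shop", "development", t0),
        "dev_deploys_to_prod_during_shift": is_allowed(dev, "deploy", "shop", "production", t0 + timedelta(hours=1)),
        "dev_deploys_to_prod_after_shift": is_allowed(dev, "deploy", "shop", "production", t0 + timedelta(hours=9)),
        "dev_cannot_delete_app": is_allowed(dev, "delete_app", "shop"),
        "newcomer_sees_shop": is_allowed(newcomer, "view_app", "shop"),
        "newcomer_cannot_deploy_shop": is_allowed(newcomer, "deploy", "shop", "production", t0),
        "newcomer_cannot_see_other_app": is_allowed(newcomer, "view_app", "billing"),
    }


if __name__ == "__main__":
    for scenario, allowed in demo().items():
        print(f"{scenario}: {'allowed' if allowed else 'denied'}")
```

The two points worth noticing are in `is_allowed`: an unknown action is denied rather than allowed, and the Deployer grant is checked only after the app role has already been found to be Developer or Owner, which is why the newcomer holding Deployer on production still cannot deploy the app they merely view. The expiry on the on-call grant is an assumption of this example; in the post's description the grant is revoked manually at the end of the shift.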
How will current users of Humanitec be affected by RBAC?
By default, every user who is already part of an organization is given the "Administrator" role on that organization, which means that until you change it, all existing users keep full access to everything in the organization, including production deployments. We recommend reviewing the access of every existing user promptly and downgrading them to the Member role plus the specific Application and Environment Type roles they need. New users are invited with a specific role from the start.