Role-Based Access Control
Role-based access control (RBAC) is a feature for teams that want to control which users can manage, edit, and view specific tests, buckets, and account features.
With RBAC you can:
- Allow users to have admin access to team features such as RBAC itself, File Uploads, or billing details.
- Create a group that only has access to Bucket A and B, but not Bucket C.
- Create separate roles with different levels of access for developers, managers, QA, contractors, etc.
How RBAC Works
RBAC in BlazeMeter API Monitoring has three important elements: groups, roles, and permissions.
Groups
Groups are a way for team administrators to control team members' access to private buckets. For example:
- You can have a group named "Internal", where team members that are part of that group only have access to BlazeMeter API Monitoring buckets that are related to internal APIs.
- You can have another group named "Contractors", where team members only have access to a select number of buckets that they're currently working on.
Buckets are set to public by default after they are created, and can be set to private by accessing the bucket's settings.
Users have a one-to-many relationship with groups, so a user can be part of multiple groups at the same time. A user who is part of multiple groups has access to every bucket included in any of those groups.
Roles and Permissions
Roles and permissions are a way to organize the level of access each team member can have. For example:
- A user can have a role of "Developer". That user will have a set of permissions that are related to development tasks, such as creating new tests, viewing tests, editing/modifying tests, deleting tests, etc.
- Another user can have a role of "Management". That user will have a set of permissions that allows them to view tests, but doesn't allow them to create or edit new tests. They can view the status and health of any API monitors, but won't be able to make changes to current test configurations.
Each team member can only be assigned one role. Each role can have any combination of permissions enabled.
Users cannot delete the built-in default roles/groups such as Administrator, Read-only Members and User Group.
The list of permissions is as follows:
List of Permissions
Name | Description |
---|---|
View Tests | View all tests within a bucket |
Execute Tests | Run or cancel tests within a bucket |
Modify Tests | Create and edit tests within a bucket |
Delete Tests | Delete tests within a bucket |
Share Test Results | Share the results of a test |
Manage Test Schedules | Add, modify, and delete test schedules within a bucket |
Export Tests | Export tests within a bucket |
Modify Shared Environments | Add, modify, and delete shared environments within a bucket |
Add Buckets | Add new buckets |
Modify Buckets | Modify bucket settings (change name, delete, etc.) |
Manage Private Buckets | Manage all private buckets |
Add Connected Service | Add a connected service |
Delete Connected Service | Delete a connected service |
Modify Script Libraries | Modify script libraries |
Delete Script Libraries | Delete script libraries |
Gateway Agent Authentication | Authorize to sign in via the Gateway Agent |
Radar Agent Authentication | Authorize to sign in via the Radar Agent |
View Team Members | View all members of a team |
Manage Team Members | Add or delete team members |
Invite Team Members | Invite members to a team |
Change Team Name | Change team name |
View Team Usage | View team usage |
View Team Groups | View group permissions and membership |
Modify Team Groups | Modify group permissions and membership |
View Team Secrets | View the list of all sensitive variables |
Manage Team Secrets | Create, edit, and delete sensitive variables |
Manage File Uploads | Upload and delete files |
View Billing | View billing information for a team |
Manage Billing | Change billing information for a team |
View Bucket Secrets | View the list of all sensitive variables at the bucket level |
Manage Bucket Secrets | Create, edit, and delete sensitive variables at the bucket level |
View Team Secrets | View the list of all sensitive variables at the team level |
Manage Team Secrets | Create, edit, and delete sensitive variables at the team level |
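The group and role rules described in this section can be modelled as a small access check, which is useful when reviewing who can reach which private bucket. This is an added example, not BlazeMeter code: the class, its method names, the sample users and buckets, and the rule that a role permission and bucket visibility must both hold are assumptions made for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class Team:
    # Buckets are public by default; only the ones listed here are private.
    private_buckets: set = field(default_factory=set)
    groups: dict = field(default_factory=dict)         # group name -> private buckets it grants
    roles: dict = field(default_factory=dict)          # role name -> permission names
    member_groups: dict = field(default_factory=dict)  # user -> group names (one-to-many)
    member_role: dict = field(default_factory=dict)    # user -> exactly one role name

    def private_access(self, user):
        """Union of the private buckets of every group the user belongs to."""
        buckets = set()
        for group in self.member_groups.get(user, set()):
            buckets |= self.groups.get(group, set())
        return buckets

    def can(self, user, permission, bucket):
        """Assumed rule: the user's single role must hold the permission AND the
        bucket must be public or granted through one of the user's groups."""
        role = self.member_role.get(user)
        if permission not in self.roles.get(role, set()):
            return False
        return bucket not in self.private_buckets or bucket in self.private_access(user)

    def ungrouped_private_buckets(self):
        """Private buckets that no group includes (worth checking in a review)."""
        granted = set().union(*self.groups.values())
        return self.private_buckets - granted

def build_sample_team():
    """Constructed sample data reusing the group and role names from the examples above."""
    return Team(
        private_buckets={"Bucket A", "Bucket B", "Bucket C"},
        groups={"Internal": {"Bucket A"}, "Contractors": {"Bucket B"}},
        roles={"Developer": {"View Tests", "Execute Tests", "Modify Tests", "Delete Tests"},
               "Management": {"View Tests"}},
        member_groups={"dev@example.com": {"Internal", "Contractors"},
                       "mgr@example.com": {"Internal"}},
        member_role={"dev@example.com": "Developer", "mgr@example.com": "Management"},
    )
```

In the sample data, the developer reaches Bucket A and Bucket B through two groups, the manager can only view tests in Bucket A, and Bucket C is private but not included in any group.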
Create and Manage Groups
Follow these steps:
- After logging in to your BlazeMeter API Monitoring account, click on your profile on the top-right and select Teams & Usage.
- On the left-hand side, click on Team Members under the team that you want to manage.
- Under the Team Groups section, click Add New.
- Name your group and click Create Group.
- Click the new group name.
- Under the Private Buckets section, use the search box to search for private buckets under your account. Click Add Bucket to add a bucket to the list. Use the checkbox next to each bucket if you want to remove it from the list.
- Under the Members section, enter the email address of the team member that you want to give access to the buckets in the selected user group and click Add Member.
- Click Save.
Create and Manage Roles and Permissions
Create a New Role
Follow these steps:
- In API Monitoring, click your profile on the top-right and select Teams & Usage.
- From the menu on the left, select Roles and Permissions.
Note: By default, BlazeMeter API Monitoring creates three roles for every team with the RBAC feature enabled. These are protected roles and can't be edited: Administrators, Read-only Members, and User Group.
- To create a new role, click Add Role.
- Name the role.
Example: If you want to create a new role with permissions to manage secrets at the bucket level, you can name the role Manage_Buckets.
- Click Create Role.
The role shows in the list of roles.
- Click the new role and from the list of permissions, check the boxes for any permissions that you want the new role to have access to.
Example: If you want to assign permissions to manage secrets at a bucket level, check Manage Bucket Secrets. Team members with this role will have permissions to create, edit and delete secrets at the bucket level.
- Click Save.
Edit a Role
Follow these steps:
- In API Monitoring, click your profile on the top-right and select Teams & Usage.
- From the menu on the left, select Roles and Permissions.
- Select an existing role that you wish to edit.
- In the list of permissions, check or uncheck the boxes for various permissions, as needed.
- Click Save.
Assign a Role to a Team Member
Follow these steps:
- In API Monitoring, click your profile on the top-right and select Teams & Usage.
- From the menu on the left, click Team Members.
- Scroll down to the Team Members section and select the team member that you want to assign the role to.
- From the drop-down list next to the name, select the role.
Example: Earlier you created a new role called Manage_Buckets with permissions to Manage Bucket Secrets. When you assign the role, the team member will have permissions to create, edit and delete secrets at the bucket level.
For more information on managing teams, see API Monitoring Teams.