Role-Based Access Control
Sumo Logic supports Role-Based Access Control (RBAC) to allow Administrators to customize system access.
Users are not assigned permissions directly, but inherit permissions through roles (or even through a single role). Role assignments can grant users permissions to access some data sets, or can restrict users from accessing types of data.
To manage users and roles, you must have the Administrator role or your role must have been assigned the manage users and roles capability.
These benefits extend beyond IT or operations functions. For example, let's say we're designing a role for a sales team. The sales team needs a very targeted subset of data to see who is accessing a portal, giving them insights that they can use to go after leads or cultivate prospects. Or, for a completely different example, in a hospital setting, data related to patient’s personal information uploaded from a specific Collector can be completely segregated from other data types, making sure that both security and patient confidentiality policies are met simultaneously.
Administrators benefit from a more streamlined user management process with RBAC. Instead of creating permissions based on a user, and then having to repeat the process with every user, Admins can simply assign roles to a user's account. For example, an IT group can quickly be assigned a role that sets access and permissions that should be identical across the team. You'll set up the role once, then assign it to each user with just a few clicks. Roles can be created on a per-group basis, per-job function basis, and so on.
RBAC can also help with site-specific data. Perhaps an Admin would like to assign roles to users geographically, where a group in one location is managed through one role, while a similar group at another site is assigned a different role—each group has access to site-specific data, allowing them the permissions they need to perform their duties, while preventing sensitive information from leaving a site.
In addition to data access, user roles are also used to grant permissions to Collectors, restricting access to Collector management (which refers to installing, upgrading, and monitoring Collectors) to only the users who need that level of control over the operations of a Sumo Logic account.
Managing Users and Roles is handled by toggling between user management options and role management options. All user creation and editing is available via the Manage > Users page, while all role creation and editing is done through the Manage > Roles page. To toggle between the pages you can click the View buttons in the top right of each page.