
RBAC Capability


Overview

The RBAC Capability is designed to automate the creation of groups, custom roles, role assignments, and synchronization between the Secure platform and Azure Active Directory (AAD).
It ensures that no duplicate groups are created, roles are assigned accurately, and that notifications and logging are effectively managed throughout the workflow.
This streamlined approach enhances efficiency and accuracy in access management.

Detailed Description

Features offered by RBAC

  1. Creation of Secure Groups
  2. Creation of Custom Roles
  3. Role Assignments
  4. Deletion of Groups
  5. Deletion of Custom Roles

Creation of the groups and custom roles

  • The Create endpoint accepts an Excel file containing details for a group, role, and role mapping.
  • It performs input validation immediately and returns an “accepted” response. The user is then instructed to check the status in the Azure Storage Table after 10 minutes. The process is asynchronous and orchestrates three steps:
    – Group creation (via the secure API)
    – Role creation (via the Azure API)
    – Role mapping (via the Azure API)
  • If the provided group already exists in the secure system, the workflow skips group creation and proceeds with role and role mapping.

Architecture for creation of groups (diagram)

Creation of groups

Group creation needs parameters such as group name, description, Tenant-Name and Group-Owner. The Secure Group Creation API is called with these parameters to create the group in the secure platform and in Azure Active Directory (AAD).

Creation of custom role
  • Custom role creation takes parameters such as role name, description, action and not-action items, and the assignable scopes.
  • Using the above parameters, the Azure REST API is called to create the custom role in Azure.

Creation of role assignment
  • Role assignment takes parameters such as group name and role name. The role assignment is made between the given role name and group name.
  • The group name and role names should exist in the Roles and Groups sheets.
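The validation and step ordering described for the Create endpoint, as an added example that is not the RBAC Capability's own code. Sheet and column names are assumptions derived from the parameters listed above; the workbook is modelled as a dict of sheet name to row dicts (as a library such as openpyxl would produce), and the sample values are constructed placeholders.

```python
# Added example, not the RBAC Capability's own code: validates the Create
# endpoint's workbook and plans the asynchronous steps. Sheet/column names are
# assumptions; sheets are dict[sheet name -> list of row dicts].

REQUIRED = {  # NotActions may legitimately be blank, so it is not required
    "Groups": ("GroupName", "Description", "TenantName", "GroupOwner"),
    "Roles": ("RoleName", "Description", "Actions", "AssignableScopes"),
    "RoleMapping": ("GroupName", "RoleName"),
}

def _cell(row, col):
    return str(row.get(col, "") or "").strip()
def validate_workbook(sheets):
    """Return validation errors; an empty list means the file can be accepted."""
    errors = []
    for sheet, cols in REQUIRED.items():
        for i, row in enumerate(sheets.get(sheet, []), start=2):  # row 1 = header
            errors += [f"{sheet}!row {i}: missing {c}" for c in cols if not _cell(row, c)]
    groups, roles = set(), {_cell(r, "RoleName") for r in sheets.get("Roles", [])}
    for r in sheets.get("Groups", []):  # a repeated name would be created twice
        g = _cell(r, "GroupName")
        if g in groups:
            errors.append(f"Groups: duplicate group {g!r}")
        groups.add(g)
    # Mappings may only reference groups and roles defined in the same workbook.
    for i, m in enumerate(sheets.get("RoleMapping", []), start=2):
        if _cell(m, "GroupName") not in groups:
            errors.append(f"RoleMapping!row {i}: unknown group {_cell(m, 'GroupName')!r}")
        if _cell(m, "RoleName") not in roles:
            errors.append(f"RoleMapping!row {i}: unknown role {_cell(m, 'RoleName')!r}")
    return errors

def plan_steps(sheets, existing_groups):
    """Order the async work; a group that already exists is skipped, never recreated."""
    steps = []
    for r in sheets["Groups"]:
        g = _cell(r, "GroupName")
        steps.append(("skip-group" if g in existing_groups else "create-group", g))
    steps += [("create-role", _cell(r, "RoleName")) for r in sheets["Roles"]]
    steps += [("assign-role", _cell(m, "GroupName"), _cell(m, "RoleName")) for m in sheets["RoleMapping"]]
    return steps

SAMPLE = {  # constructed placeholder values, not real tenant data
    "Groups": [{"GroupName": "sg-app-readers", "Description": "App readers",
                "TenantName": "<tenant>", "GroupOwner": "owner@example.com"}],
    "Roles": [{"RoleName": "App Reader", "Description": "Read-only", "Actions": "*/read",
               "NotActions": "", "AssignableScopes": "/subscriptions/<sub-id>"}],
    "RoleMapping": [{"GroupName": "sg-app-readers", "RoleName": "App Reader"}],
}
```

Running `validate_workbook(SAMPLE)` returns no errors, and `plan_steps(SAMPLE, {"sg-app-readers"})` skips group creation while still creating the role and the mapping.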

Deletion of the groups and custom roles

  • The Delete endpoint accepts an Excel file containing details for a group and a role.
  • It performs input validation immediately and returns an “accepted” response. The user is then instructed to check the status in the Azure Storage Table after 10 minutes.
  • The process is asynchronous and orchestrates three steps:
    – Group deletion (via the secure API)
    – Role deletion (via the Azure API)

Architecture for deletion of groups (diagram)

Deletion of groups
  • Group deletion needs parameters such as group name, requester employee ID, Subscription-Id and justification to delete the group. The Secure Group Deletion API is called to delete the group in the secure platform.
  • Using these parameters, the group is deleted in the secure platform and Azure Active Directory (AAD).
  • The role assignments for the group in the subscription given in the request will be deleted.

Deletion of custom role
  • Custom role deletion takes parameters such as role name and the assignable scopes.
  • The role assignments for the custom role in the scope subscription given in the request will be deleted.
  • Using the above parameters, the Azure REST API is called to delete the custom role in Azure.

Responsibilities

  • Postman should be installed.
  • The Excel document should be created with the required parameters.
  • Port forwarding should be done to the local machine to access the API. Scroll to the Setup Kubernetes section in the provided link; you will also see the steps to use these endpoints (User Guide Details).

Benefits and Business Case

  • When a large number of groups and custom roles are created in the secure platform and Azure Active Directory (AAD), it is difficult to manage the groups and roles manually.
  • The RBAC capability provides a streamlined and automated approach to manage the creation, deletion, and assignment of groups and custom roles.