Our customers rely on Virtyx to provide them access to critical systems whenever
(and from wherever) they need it. With the power that Virtyx provides, many of
our customers have requested a way to limit access to sensitive parts of their
infrastructure to a subset of their Virtyx users.
To fulfill this need, we’re excited to have just deployed a flexible mechanism
for granting access to specific functionality through role-based access control.
When you log into Virtyx and go to the Team page, you’ll notice that there is a
new “Roles” tab. To get you started, we’ve created an Owner role that has access
to the entire Virtyx system and added it to all of your existing users. If you
want to keep using Virtyx the same way you have been with all users having
access to your entire organization, you don’t need to do anything at all. If
you’d like to learn about configuring more granular access, read on!
Roles in Virtyx can do two things. They can grant access to system-wide
features, like the ability to create new scripts, and they can grant access to
features on specific groups of agents, such as the ability to access a shell
session. When you create a new role, you can configure which system-wide
features and which agent-specific features you want the role to grant access to.
Next, you’ll need to grant your role to users.
Permissions in Virtyx are strictly additive; if you give a user two roles and
one of them grants access to your API servers and another role grants access to
your fleet of desktops, then that user will be able to access both your API
servers and your desktops.
There are two permissions that deserve a special mention: “manage all agents”
and “manage users.” The default Owner role grants both of these permissions.
When you add the “manage all agents” permission to a role, users who have the
role will be granted full access to all agents in your organization, regardless
of whether they’ve also been granted access to any specific groups. The “manage
users” permission does pretty much what it sounds like; users who have been
granted roles with this permission will be able to invite new users and manage
access for existing users. It’s important to note that anyone who has the
“manage users” also have access to grant themselves any other permission.
We’re excited to hear what you think about this new feature! You can send
email to firstname.lastname@example.org, or find us on Twitter @virtyx_inc.