Role-Based Access Control (RBAC)
AppTrana’s Role-Based Access Control (RBAC) is designed to help enterprises securely manage user access across large organizations. As teams grow and responsibilities become more segmented, the need for granular control over what each user can view or modify becomes critical.
RBAC empowers Customer Admins to define access based on users’ job functions, ensuring that only the right people have access to the right information, reducing both operational risks and potential security exposures.
Preconfigured Roles in AppTrana
By default, AppTrana supports three roles, each with different access privileges:
Role | Scope | Access Rights |
---|---|---|
Customer Admin | Account-wide | Full access to all sites, can manage users, assign roles (including custom ones) |
Website Admin | Assigned sites only | Can manage settings within assigned sites; cannot manage users or roles |
Read-only User | Assigned sites only | Can only view data; cannot make any changes |
What is New – Company Roles (Custom Roles)
To cater to more granular use cases, AppTrana now introduces Custom Roles (also known as Company Roles), which allow Customer Admins to:
- Restrict access at the site and feature/tab level
- Assign permissions as Read/Write, Readonly, or Hidden for each tab
- Customize user access based on business roles (e.g., Risk Analyst, IT Engineer, Security Ops)
Custom roles are not available for API-based authentication as of now.
Custom Role Permissions – Feature Tab Matrix
Feature Tab | Configurable in Custom Roles? | Available Permission Options |
---|---|---|
Dashboard | No | Always visible |
License & Utilization | No | Not visible to custom roles |
Vulnerabilities | Yes | Read/Write / Readonly / Hidden |
Attacks | Yes | Read/Write / Readonly / Hidden |
DNS Settings | Yes | Read/Write / Readonly / Hidden |
Application Settings | No | Not visible to custom roles |
Bandwidth & Usage | Yes | Read/Write / Readonly / Hidden |
Reports | Yes | Read/Write / Readonly / Hidden |
How to create Custom roles (Role Based Access Control)
1. Log in as Customer Admin
Only users with the Customer Admin role can manage and assign roles.
2. Navigate to the Settings section
3. Click on "Company Roles" to manage roles.
This tab offers a centralized view for Customer Admins to manage all users and their assigned roles within the AppTrana portal.
4. Click Create New Role
5. Enter the Role Name
By default, custom roles start with Read-Only access to all configurable tabs.
6. Adjust permissions per tab when creating or editing a custom role.
Permission | Description |
---|---|
Read Only | View only |
Read/Write | View and perform actions |
Hidden | Tab is not visible to the user |
7. Click Save
You can create up to 5 custom roles per account.
How to Edit or Delete a Role
- To modify an existing custom role, click Edit and adjust tab access.
- To remove a role, click Delete.
- Click Yes to proceed.
How to Assign Role to a User
1. Navigate to Company Users
The Company Users tab provides a centralized view of all users associated with your AppTrana account. From this tab, Customer Admins can view user details, assign or update roles, and manage user access.
2. To assign a role, click Edit next to the user you want to modify
3. A pop-up window appears. Enter/edit user details:
- First Name
- Last Name
- Business Email
- Company Phone Number
- Optionally enable 2FA for the user
4. Click Next
Assign Role per Site or Group
In the next screen:
5. Use the search bar to find onboarded sites
6. Assign access on a site-by-site or group basis
7. Select the role you want to assign: either preconfigured or custom
8. Click Save
The user has been given a custom role with limited permissions.
Users can have mixed roles. For example, they could be Website Admin for Site A and a Custom Role user for Site B.
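The rules described above (roles assigned per site, permissions set per tab, new custom roles starting read-only, and the limit of 5 custom roles) can be modelled locally to review who ends up with Read/Write access. This is an added example, not AppTrana code or an AppTrana API; the role, user and site names are constructed, and treating Website Admin as Read/Write and Read-only User as Readonly on the configurable tabs is an assumption.

```python
# Added example: local model of the custom-role rules described on this page.
# It does not call AppTrana; role, user and site names are constructed.
CONFIGURABLE = ("Vulnerabilities", "Attacks", "DNS Settings", "Bandwidth & Usage", "Reports")
FIXED = {"Dashboard": "Always visible",
         "License & Utilization": "Not visible",
         "Application Settings": "Not visible"}
LEVELS = ("Read/Write", "Readonly", "Hidden")
MAX_CUSTOM_ROLES = 5
# Assumption: preconfigured roles are modelled with one level on the configurable tabs.
PRECONFIGURED = {"Website Admin": "Read/Write", "Read-only User": "Readonly"}

def add_custom_role(roles, name, overrides=None):
    """Validate a custom role against the tab matrix and store its full tab map."""
    if name not in roles and len(roles) >= MAX_CUSTOM_ROLES:
        raise ValueError("an account can hold at most 5 custom roles")
    tabs = dict.fromkeys(CONFIGURABLE, "Readonly")  # new roles start read-only
    for tab, level in (overrides or {}).items():
        if tab not in CONFIGURABLE:
            raise ValueError(f"{tab!r} cannot be configured in a custom role")
        if level not in LEVELS:
            raise ValueError(f"unknown permission {level!r}")
        tabs[tab] = level
    roles[name] = {**tabs, **FIXED}
    return roles[name]

def effective(roles, assignments, user, site, tab):
    """Resolve what one user gets on one tab of one site (roles are per site)."""
    role = assignments.get(user, {}).get(site)
    if role is None:
        return "No access"  # site was never assigned to this user
    if role in PRECONFIGURED:
        return PRECONFIGURED[role] if tab in CONFIGURABLE else "Not modelled"
    return roles[role][tab]

def write_access_review(roles, assignments):
    """List every (user, site, tab) with Read/Write, for a least-privilege review."""
    return sorted((user, site, tab)
                  for user, sites in assignments.items()
                  for site in sites
                  for tab in CONFIGURABLE
                  if effective(roles, assignments, user, site, tab) == "Read/Write")

roles = {}
add_custom_role(roles, "Risk Analyst", {"Vulnerabilities": "Read/Write", "DNS Settings": "Hidden"})
# Constructed assignments: a mixed-role user, as in the Site A / Site B case.
assignments = {"analyst@example.com": {"site-a.example": "Website Admin",
                                       "site-b.example": "Risk Analyst"}}
```

Account-wide Customer Admin access is left out of the model because it is not tied to site assignments.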
Role-Based Access Control in Action
Customer Admin - Assign Custom Role and Site Access
Cybersecurity Analyst – Limited Module Access