What's Required With Instana's Granular Role-Based Access Control

DZone 's Guide to

What's Required With Instana's Granular Role-Based Access Control

When adding Role-Based Access Control (RBAC) capabilities for our growing enterprise customers, we wanted to do more than just add access control.

· Performance Zone ·
Free Resource

At Instana, we've spent years democratizing access to Application Performance Monitoring (APM). So when it came time to enhance the Role-Based Access Control (RBAC) capabilities for our growing enterprise customers, we wanted to do more than just add access control. We wanted to add value for our users, not just limit their access.

Across the board at customers, we've seen large increases in the number of developers and operators using Instana daily. With the number of developers, operators, and teams constantly growing, it's even more essential to deliver the right insights to the right person at the right time so they can make the best possible decision at any given moment. This need grows as the application environments become more complex over time.

Any organization dealing with distributed, microservices-based applications needs RBAC to be inclusive, meaning the more groups a person or team is added to, the more access they have to the product. This ensures end-users always have the full context needed to deliver the best experience possible to their customers.

Instana's RBAC also has an added benefit, along with helping users focus on the areas of the product they're responsible for, it is also more secure for their customers. By giving access only to the areas required to do their job, it limits the number of users that have access to sensitive information. This is why having tight access control is a key component of passing security certifications such as meeting SOC 2 compliance.

Easy and Granular Role-Based Access Control

Instana's easy to use, granular RBAC keeps users focused on the areas of the product they're responsible for. Limiting the number of visible Applications or Services to those that are relevant to a specified group, ensures engineers are not overwhelmed by the noise of applications and services they're not responsible for.

Within Instana's RBAC, every user is assigned a role. Out of the box, Instana's RBAC comes with two available roles — Default and Owner. The Default role has all permissions disabled until they are added to specific groups. Users that are created through SSO or LDAP authentication are automatically assigned to the Default role. The Owner role has all permissions enabled by default. Administrators can also create custom roles, which can be assigned any combination of permissions deemed necessary.

Create and Manage Groups/Permissions

Creating groups in Instana is how permissions are granted to users. Groups are generally used to organize, ensuring that all teams have access to the data they need to successfully manage their use cases. Within each group, you can define the permission to enable areas of the product like:

Define Access Areas

Once an area of the product has been added to the group, you can further grant access to specific areas within each product.

Websites (End User Monitoring): Enable access to specific monitored websites and decide whether to permit access to the full analytics for those monitored websites.

Mobile: Enable access to mobile applications being monitored and determine if users should be enabled access to mobile analytics.

Application: Grant permissions for specific Application Perspectives that include the surrounding infrastructure, all traces that have a call or calls matching the criteria of the Application Perspective, and all services of the Application Perspective.

Kubernetes: Grant permissions for things like all namespaces within a specified cluster and determine if the surrounding infrastructure should also be permitted.

Instana has ensured that even with RBAC in place, users can still get the full context of what they're viewing with Context Guide. Context Guide provides users with the complete upstream and downstream stack of the specific service, application, or infrastructure being viewed. This ensures that users always have the full context they need to make appropriately informed decisions.


instana, performance, rbac

Published at DZone with permission of Jon Skog . See the original article here.

Opinions expressed by DZone contributors are their own.

{{ parent.title || parent.header.title}}

{{ parent.tldr }}

{{ parent.urlSource.name }}