RBAC (Role-Based Access Control) Feature - With UBA v4.1.16, clients can now leverage role-based access control within UBA. The roles are divided into Admin, Tenant admin and Read-only. Let's go in depth to understand how this helps, and then walk through how to configure it in your environment.
What is RBAC?
Role-based access control (RBAC), also known as role-based security, is a mechanism that restricts system access or, in this context, access to modifying settings and functionalities within the UBA App. It involves setting permissions and privileges so that only a list of authorised users can access certain areas or perform certain actions. Most admins of a software product use role-based access control to give users/tenants varying levels of access based on their roles and responsibilities. This supports the principle of providing information on a ‘need-to-know or need-to-share’ basis, which in turn increases security and reduces vulnerabilities.
Benefits of RBAC
There are multiple benefits to using RBAC, including the following:
Improved operational efficiency:
RBAC allows an admin to quickly add and change roles and apply them directly to the list of users. It also cuts down on human error when assigning permissions.
Enhanced compliance:
RBAC makes it possible to meet regulatory and statutory requirements for confidentiality and user data privacy by managing what data can be accessed and used.
Reduced costs:
By not allowing user access to certain processes and applications, companies can conserve or more cost-effectively use resources such as network bandwidth, memory and storage.
Configure RBAC on your QRadar instance
Let’s go over the steps to set up the two roles, tenant admin and read-only, and observe the differences between them.
In this example, we have already created read-only and tenant admin roles in Admin > User Management > User Roles. To create your own roles, click the ‘New’ button in User Role Management, give the role a name and select the access areas. Figure 1 and Figure 2 contain examples of rules that are set for the tenant admin user and the read-only user respectively in User Role Management. You can see that the read-only user has limited viewing, configuration and modification permissions. How you set these permissions for your own roles is up to you.
Figure 1: Rules set for tenant admin user
Figure 2: Rules set for read-only user
Next, for each role we have created a user (see Figure 3) and assigned it the tenant admin or read-only user role.
Figure 3: Users set for each specific role
Now, let’s log in with the read-only user’s account to observe the functionality. In Figure 4, you can see we have logged into User Analytics as the read-only user we created. If we then navigate around the console (see Figure 5), this user is unable to alter UBA Settings, User Import and Rules and Tuning. Furthermore, read-only users can access Machine learning models and their settings, but cannot enable/disable the models (see Figure 6).
Figure 4: Overview of QRadar User Analytics from the perspective of the read-only user
Figure 5: UBA Settings, User import and Rules and Tuning are disabled for the read-only user
Figure 6: Read-only users view of the Machine Learning Settings
From the tenant admin user’s account, if we navigate around the console (see Figure 7), the user is able to alter UBA Settings, User Import and Rules and Tuning. This user can also access Machine learning models, change their settings and enable/disable the models (see Figure 8).
Figure 7: Overview of QRadar User Analytics from the perspective of the tenant user. UBA Settings, User import and Rules and Tuning are enabled
Figure 8: Tenant users can access Machine learning models, their settings, and also enable/disable the models
TL;DR - UBA v4.1.16 introduces Role-Based Access Control (RBAC), allowing clients to manage access with Admin, Tenant admin, and Read-only roles. This enhancement improves security and simplifies user management. The blog post details the benefits and provides a configuration guide for implementation. For more information, check out IBM's official documentation on UBA App.