Monitor RBAC
production
A
RBAC overview
Inheritance model and system summary
Users
8
6 active
Groups
5
Nested up to 3 levels
Roles
6
Direct + inherited
Inheritance model
Groups
Engineering
→ Backend
→ Frontend
Ops
Admins
Roles on groups
viewer
editor
deployer
admin
Users inherit
alice
bob
carol
+ 5 more…
Users inherit all roles from every group they belong to — and transitively from parent groups. Roles can also be assigned directly to users, overriding or extending inherited permissions.
Users
Manage identities, group membership and direct roles
AL
Alice Lang
alice@corp.io · Engineering → Backend
adminviewerBackend
BK
Bob Kim
bob@corp.io · Engineering → Frontend
editorFrontend
CS
Carol Sanz
carol@corp.io · Ops
deployerviewerOps
DM
Dan Müller
dan@corp.io · Admins
adminAdmins
EP
Eve Park
eve@corp.io · Engineering → Backend
editorBackend
FR
Frank Rossi
frank@corp.io · (no groups)
viewer
AL
Alice Lang
Status● Active
IDusr_01HX…4AF
Created2024-03-12
Group membership direct only
Engineering Backend via Engineering
Effective roles direct + inherited
admin viewer ↑ Engineering editor ↑ Backend
Dashed roles are inherited transitively through group membership.
Group tree
Engineering
Backend child group
Groups
Organise users in nested hierarchies; roles propagate to all members
EN
Engineering
Top-level · 2 child groups · 5 members
viewer
BE
Backend
Child of Engineering · 3 members
editorviewer
FE
Frontend
Child of Engineering · 2 members
editorviewer
OP
Ops
Top-level · 2 members
deployerviewer
AD
Admins
Top-level · 1 member
admin
EN
Engineering
IDgrp_02KX…9BC
Members direct
Alice LangEve ParkBob Kim
+ all members of Backend, Frontend
Child groups
Backend Frontend
Assigned roles on this group
viewer
Child groups Backend and Frontend inherit viewer, and additionally carry their own editor role.
Group hierarchy
Engineering
Backend
Frontend
Roles
Define permission scopes; assign to users or groups
AD
admin
Full access · 2 direct assignments
AdminsAlice
ED
editor
Read + write · 2 group assignments
BackendFrontend
DE
deployer
Deploy access · 1 assignment
Ops
VI
viewer
Read-only · 1 group assignment
Engineering
AU
auditor
Audit log access · 0 assignments
AD
admin
IDrol_00AA…1F2
Scopesystem-wide
Assigned to groups
Admins
Assigned to users (direct)
Alice Lang
Effective principals via inheritance
Alice Lang Dan Müller …via Admins group
Dan inherits admin through the Admins group. Alice holds it directly.