User Roles and Access Gate Access

Access Gate uses a role-based access control (RBAC) model to manage who can access the user interface and what actions they are allowed to perform. Roles define visibility, configuration rights, and administrative capabilities across the system.

This ensures users only see and modify what is relevant to their responsibilities, following the principle of least privilege.

Role-Based Access Control Overview

Access Gate provides five predefined roles, grouped into individual contributor roles and management roles. Roles control access to:

  • UI pages and dashboards
  • System and network configuration
  • Asset and enclave management
  • Compliance and reporting features
  • User and site administration

Roles are enforced consistently across the UI and take effect immediately when assigned or modified.

Standard User Roles

Individual Contributor Roles

These roles are intended for operational users with scoped responsibilities.

Security Analyst

Designed for monitoring and incident response.

Permissions include:

  • Viewing security dashboards
  • Monitoring alerts and events
  • Configuring and managing collection pipelines

Compliance Officer

Focused on compliance tracking and reporting.

Permissions include:

  • Creating and managing risk assessments
  • Accessing compliance dashboards
  • Generating compliance reports and documentation

Network Administrator

Responsible for system and network configuration.

Permissions include:

  • Modifying system settings
  • Managing network configuration
  • Configuring directory services (Active Directory / LDAP)
  • Maintaining integration settings

Management Roles

Management roles inherit all individual contributor permissions and add broader control capabilities.

Line Manager

Intended for team-level management.

Additional permissions:

  • Managing assets and enclaves
  • Updating access policies within assigned scopes
  • Overseeing resources and configurations for their area

Site Manager

The highest-privilege role in the system.

Additional permissions:

  • Connecting and managing sites
  • Full administrative access across the organization
  • Managing users, roles, and authentication settings
  • System-wide configuration and oversight

User Management

User accounts and access are managed through the Accounts tab in the Administration interface.

Adding Users

To add a new user:

  1. Navigate to Settings > Accounts
  2. Click Add Administrator
  3. Provide Name, Role & Security Level
  4. If using LDAP or OAuth, ensure the external ID matches the identity provider
  5. If using local authentication, set an initial password
  6. Save to create the account

Managing Existing Users

[Figure: Admin user interface]

Blocking Users

Blocking a user prevents login without deleting the account. To block a user, click the last button in the Actions column.

Blocked users retain their configuration history and audit records.

Modifying Roles

User roles can be changed at any time:

  1. Select the user in the Access list
  2. Update role assignments using the role selector
  3. Changes apply immediately

Authentication Methods

Access Gate supports both external and local authentication mechanisms.

External Identity Providers (LDAP / OAuth)

  • Credentials are managed by the external provider
  • Passwords cannot be changed in Access Gate
  • External identifiers must match the configured authentication method
  • Recommended for enterprise and multi-site deployments

Local Authentication

  • Passwords stored locally in
  • Argon2 hashing is used for secure storage
  • Password complexity requirements are enforced
  • Passwords are encrypted client-side before transmission

Default Administrative Access

During installation, a default admin user is automatically created with the Site Manager role. This ensures immediate access to the UI for initial configuration and user setup.

It is recommended to:

  • Create named administrator accounts
  • Limit use of the default admin account
  • Regularly review administrative access

Security Best Practices

  • Assign roles based on operational responsibility
  • Minimize use of Site Manager privileges
  • Block unused or inactive accounts instead of deleting them
  • Regularly audit user roles and access rights
  • Prefer external identity providers for centralized identity management
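
The role hierarchy and the review practices above can be checked offline. The following is an added example, not Access Gate code: it models the five roles from this page and flags active accounts whose role exceeds what their tasks require or that have gone unused. The permission identifiers, the account record format, the 90-day threshold, and the assumption that Site Manager includes all Line Manager permissions are illustrative.

```python
# Added illustration. The role model is transcribed from this page; the
# permission identifiers and account records are constructed, not product API.
IC_ROLES = {
    "Security Analyst": {"view_dashboards", "monitor_alerts", "manage_pipelines"},
    "Compliance Officer": {"manage_risk_assessments", "view_compliance", "generate_reports"},
    "Network Administrator": {"system_settings", "network_config",
                              "directory_services", "integrations"},
}
ALL_IC = set().union(*IC_ROLES.values())
# Management roles inherit all individual contributor permissions.
LINE_MANAGER = ALL_IC | {"manage_assets_enclaves", "update_access_policies", "oversee_area"}
# Assumption: Site Manager (full administrative access) also covers Line Manager.
SITE_MANAGER = LINE_MANAGER | {"manage_sites", "manage_users_roles_auth", "system_wide_config"}
ROLES = {**IC_ROLES, "Line Manager": LINE_MANAGER, "Site Manager": SITE_MANAGER}


def least_privileged_role(needed):
    """Return the role with the fewest permissions that still covers `needed`."""
    needed = set(needed)
    fits = [(len(perms), name) for name, perms in ROLES.items() if needed <= perms]
    if not fits:
        raise ValueError(f"no role grants: {sorted(needed - SITE_MANAGER)}")
    return min(fits)[1]


def audit(accounts, max_inactive_days=90):  # 90 days is an assumed threshold
    """Return (user, finding) pairs for active accounts that need review."""
    findings = []
    for acct in accounts:
        if acct["blocked"]:
            continue  # blocked accounts cannot log in
        best = least_privileged_role(acct["needs"])
        if ROLES[best] < ROLES[acct["role"]]:  # proper subset: a smaller role suffices
            findings.append((acct["user"], f"over-privileged: {acct['role']} -> {best}"))
        if acct["days_inactive"] > max_inactive_days:
            findings.append((acct["user"], "inactive: block the account"))
    return findings


SAMPLE_ACCOUNTS = [  # constructed records
    {"user": "alice", "role": "Site Manager", "needs": ["monitor_alerts", "view_dashboards"], "days_inactive": 2, "blocked": False},
    {"user": "bob", "role": "Network Administrator", "needs": ["network_config"], "days_inactive": 200, "blocked": False},
    {"user": "carol", "role": "Line Manager", "needs": ["generate_reports", "network_config"], "days_inactive": 1, "blocked": False},
    {"user": "dave", "role": "Site Manager", "needs": ["manage_sites"], "days_inactive": 400, "blocked": True},
]

if __name__ == "__main__":
    for user, finding in audit(SAMPLE_ACCOUNTS):
        print(f"{user}: {finding}")
```
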