Role-Based Access Control (RBAC) - Tanium Tech Talks #81
These episodes cover Tanium role-based access control (RBAC) in detail. Learn the basics with step-by-step demos, best practices guidance, and other helpful tips.
In this two-part Tanium Tech Talks, Kat, a member of the Tanium product management organization and former Tanium console and RBAC specialist, shows us how to create roles and assign permissions and scopes, how to use computer groups to organize endpoints into logical categories, and how to use personas to test permissions in Tanium role-based access control.
This guided explanation is aimed at beginners who want to understand how to control who can do what in Tanium.
What to know about Tanium RBAC
Kat describes how permissions and scopes define the specific capabilities that user groups and roles grant, including the limits on which endpoints or objects a user can access with their role and permissions. For example, a user may have permission to deploy sensors but only to endpoints that belong to a certain scope.
Additionally, Kat walks through other key features of Tanium RBAC, including:
Content sets
Kat explains that content sets are collections of Tanium objects, such as sensors, packages, dashboards, and saved questions, that you can assign to roles and computer groups. Content sets make it easier to control what actions and data are available to different users and groups.
Computer groups
Computer groups organize endpoints into logical categories based on their attributes, such as operating system, IP address, or other criteria. In Tanium RBAC, Kat shows how computer groups can be used to define scopes for roles and permissions, limiting users’ or groups’ access and visibility to specific endpoints or objects.
For example, you can create a computer group for Windows servers and assign a role that allows only certain users to run actions on them. This will improve the security and efficiency of your endpoint management.
Personas
Another key Tanium RBAC use case that Kat highlights is the ability to create personas. A persona is a way of creating a test user that has specific roles and permissions assigned to it. By creating a persona, you can switch to a different profile and see exactly what the test user can access and do in the Tanium console. This helps you verify that you have configured the roles and permissions correctly for a group of users before they sign in.
By creating, assigning, and testing the roles, permissions, and scopes using Tanium RBAC, you can control who can do what and ensure that your users have the appropriate level of access and visibility into the endpoints and objects they need to manage.
Additional resources for Tanium RBAC
The Tanium Resource Center at help.tanium.com is a comprehensive repository of technical and best-practice information on Tanium solutions.