Role-Based Access Control (RBAC)
Role-Based Access Control (RBAC) in ART provides an advanced layer of security that governs user capabilities at the channel level, ensuring precise control over message visibility and actions. Beyond traditional authentication, RBAC defines what each authenticated user can do within the communication channels, bolstering data privacy and security.
This feature enforces security through separation of concerns: it focuses exclusively on channel-level access, controlling interactions such as subscribing, publishing, or listening to messages.
RBAC works seamlessly with ART's core channel features, providing an essential security layer for applications that require differentiated access to real-time data and interactions. Developers define roles and assign them to users, and the ART platform automatically enforces these permissions for all channel-based communications.
Key Capabilities
ART's RBAC empowers administrators with granular control over channel access, enhancing the security posture of your application:
- Customizable Permissions: Define distinct roles with specific capabilities, allowing fine-tuned control over user interactions within channels.
- Subscription Rights: Determine which users are permitted to subscribe to a particular channel.
- Push Permissions: Specify which users can send or "push" messages into a channel.
- Listen-Only Access: Grant users the ability to receive messages without permission to send any data.
- Enhanced Application Robustness: Clearly delineating who can perform which actions on a channel minimizes potential security risks. This prevents unauthorized data manipulation or access to sensitive communication streams, strengthening the overall application security.
- Centralized Role Management: All assigned roles and permissions can be centrally managed from the ART console. This centralized approach simplifies auditing, updates, and enforcement of channel access controls, allowing for quick adjustments in response to evolving security requirements.
- Dynamic User Creation & Role Assignment (Overview): Support for creating connection users (via secure passcodes or through the ART console/REST APIs) with immediate assignment of default roles ensures a secure baseline for user access. These roles can then be modified as needed.
Security & Data Privacy
ART's RBAC is fundamental to protecting user data and maintaining privacy within real-time communication flows:
- Granular Permission Control: Ensures that only users with explicitly defined permissions can access specific message streams or perform actions, preventing misuse and safeguarding data privacy.
- Multi-layered Security: Implements checks at the channel access layer, providing an additional safeguard even if other security layers are compromised.
- Targeted Data Transmission: With strict access controls, data is transmitted exclusively to its intended recipients, minimizing the risk of data leaks or unauthorized broadcasting of sensitive information.
- Controlled User Onboarding: Mechanisms for user creation and default role assignments establish a secure entry point, ensuring users operate within predefined boundaries from the outset.