Roles and permissions

NXLog Platform includes a wide range of system operations and access to information that can be considered sensitive. To ensure a high level of security, NXLog Platform provides role-based access control (RBAC) to define the features and data each user can access.

Roles simplify assigning user permissions and avoid human error. Each role defines a set of permissions for a user, such as Admin or Log Analytics. All users with the same role have the same set of permissions.

Therefore, it’s essential to understand the following roles and their specific permissions so that you assign roles that give users only the necessary access they need to complete their tasks.

Table 1. Roles and permissions explained
Role Description

SuperAdmin

This role has the highest administration-level privileges and can access all UI sections. The SuperAdmin role has all the permissions of other roles, plus:

  • Delete organizations

  • Create, update, and delete access rules

  • Create, update, and delete audit logs

Admin

The Admin role has all the permissions of other roles except permissions exclusive to the SuperAdmin role.

Customer Account Management

This role can access the Organizations UI and create and update organizations.

Customer Account Management — read-only

This role has read-only access to the Organizations UI.

User and Role Management

This role can access the Users view within the Organizations UI and:

  • List organizations

  • List, add, and delete users

  • Assign roles

User and Role Management — read-only

This role has read-only access to the Users view within the Organizations UI.

Agent Management

This role can access the Agents UI and perform all functionalities related to agent management:

  • Enroll and unenroll agents

  • Restart, start, and stop agents

  • Create configuration templates

  • Assign configuration templates to agents

  • Edit and synchronize agent configurations

  • Renew agent certificates

Agent Management — read-only

This role has read-only access to the Agents UI.

Log Search

This role can access the Log Search UI and perform all functionalities related to log analytics:

  • List organizations

  • Update log settings

  • View and search logs

Log Search — read-only

This role can access the Log Search UI and:

  • List organizations

  • View and search logs

Log Repository Management

This role can access the Log Database Management view within the Settings UI and perform all functionalities related to log management and analytics:

  • List organizations

  • Update log management settings

  • View log access rules

  • View and search logs

Log Repository Management — read-only

This role can access the Log Database Management view within the Settings UI and:

  • List organizations

  • View log management settings

  • View log access rules

  • View and search logs

Log Analytics

This role can access the Dashboards UI and perform all functionalities related to dashboard management:

  • List organizations

  • Create, update, and delete custom dashboards

  • View and search logs

Log Analytics — read-only

This role can access the Dashboards UI and:

  • List organizations

  • View custom dashboards

  • View and search logs

License Management

This role can access licensing information and manage licenses:

  • Read organizations

  • Update organizations

  • Read subscriptions

  • Update subscriptions

  • Read licenses

  • Update licenses

  • Delete licenses

  • Create licenses

License Management — read-only

This role can access licensing information:

  • Read organizations

  • Read subscriptions

  • Read licenses