Roles and permissions

NXLog Platform includes a wide range of system operations and access to information that can be considered sensitive. To ensure a high level of security, NXLog Platform provides role-based access control (RBAC) to define the features and data each user can access.

Roles simplify assigning user permissions and avoid human error. Each role defines a set of permissions for a user, such as Admin or Log Analytics. All users with the same role have the same set of permissions.

Therefore, it’s essential to understand the following roles and their specific permissions so that you assign roles that give users only the necessary access they need to complete their tasks.

Table 1. Roles and permissions explained
Role	Description
SuperAdmin	This role has the highest administration-level privileges and can access all UI sections. The `SuperAdmin` role has all the permissions of other roles, plus: Delete organizations Create, update, and delete access rules Create, update, and delete audit logs
Admin	The `Admin` role has all the permissions of other roles except permissions exclusive to the `SuperAdmin` role.
Customer Account Management	This role can access the Organizations UI and create and update organizations.
Customer Account Management — read-only	This role has read-only access to the Organizations UI.
User and Role Management	This role can access the Users view within the Organizations UI and: List organizations List, add, and delete users Assign roles
User and Role Management — read-only	This role has read-only access to the Users view within the Organizations UI.
Agent Management	This role can access the Agents UI and perform all functionalities related to agent management: Enroll and unenroll agents Restart, start, and stop agents Create configuration templates Assign configuration templates to agents Edit and synchronize agent configurations Renew agent certificates
Agent Management — read-only	This role has read-only access to the Agents UI.
Log Search	This role can access the Log Search UI and perform all functionalities related to log analytics: List organizations Update log settings View and search logs
Log Search — read-only	This role can access the Log Search UI and: List organizations View and search logs
Log Repository Management	This role can access the Log Database Management view within the Settings UI and perform all functionalities related to log management and analytics: List organizations Update log management settings View log access rules View and search logs
Log Repository Management — read-only	This role can access the Log Database Management view within the Settings UI and: List organizations View log management settings View log access rules View and search logs
Log Analytics	This role can access the Dashboards UI and perform all functionalities related to dashboard management: List organizations Create, update, and delete custom dashboards View and search logs
Log Analytics — read-only	This role can access the Dashboards UI and: List organizations View custom dashboards View and search logs
License Management	This role can access licensing information and manage licenses: Read organizations Update organizations Read subscriptions Update subscriptions Read licenses Update licenses Delete licenses Create licenses
License Management — read-only	This role can access licensing information: Read organizations Read subscriptions Read licenses