Starting Soon! Want to secure workload access to LLMs like ChatGPT? Join Our Webinar | Today at 1 pm. PT

Aembit Earns Prestigious Runner-Up Spot at RSA Innovation Sandbox Contest! Watch the Announcement

RSAC™ Innovation Sandbox FINALIST 2024 banner
Aembit is an RSA Conference Innovation Sandbox finalist! Read the news
Blog

Announcing Role-Based Resource Sets for Aembit Workload IAM

Role Based Resource Sets screen image

Today we are pleased to announce Resource Sets, a new capability that allows administrators to group related resources and policies into isolated sets, each with specific role-based access controls. This enables precise and secure resource management across different teams within a single organization.

There are multiple analogies for Resource Sets – including advanced role-based access control, multitenancy, and projects – but at its core is driven by a common enterprise requirement: Security often requires isolation between environments, assets, and access.

From RBAC to Resource Sets

The Aembit Workload IAM Platform uses role-based access control (RBAC) to efficiently manage and secure administrative access, ensuring users only have the permissions necessary for their job function and minimizing the risk of potential misuse. Users are assigned roles according to their job requirements, ensuring they have access only to the features necessary for their tasks. The portal provides the ability to create unlimited custom roles, each with specific permissions and responsibilities. For example, the default ‘SuperAdmin’ has full access to all settings, configurations, and user management functions, enabling them to oversee all administrative tasks, manage other admin roles, and handle critical security settings. Meanwhile, the default ‘Auditor’ role has read-only access, allowing them to monitor system status and configurations without making changes. The hierarchical nature of these roles means higher-level roles encompass the permissions of lower-level ones, providing a clear and structured permission system. Additionally, the possibility of custom roles allows organizations to tailor access controls to unique needs. All admin actions are logged for auditing and compliance purposes, facilitating the identification and response to unauthorized access attempts.

Benefits of Resource Sets

Resource Sets take the concept of RBAC even further and allow an organization to group and isolate resources and policies within a single organizational environment or tenant. In other words, multitenancy – in a single tenant. The advantages of this approach include the following:
  • More Secure: The principle of least privilege isn’t just for end-users. Compartmentalize your access to further reduce the risk of leaks. Even within a Resource Set, RBAC rules apply to further isolate what a less privileged user can and cannot do or see.
  • Easier Initial Configuration: A single tenant or domain to remember. Other tools such as your identity provider (IdP) and/or security information and event management (SIEM) only have to be set up only once.
  • Easier to Manage: Superadmin and auditor roles can access and view all configurations and logs for the entire tenant allowing for easier compliance enforcement and audits. Creating new Resource Sets only takes seconds.
  • Flexible: Resource Sets are available using the Aembit console and its APIs.

Making Resource Sets Work for Your Business

Creating Resource Sets is simple and allows for the use of existing or new roles. In the example below, we create Resource Sets that align with phases of deployment from QA to staging to production. Each phase’s policies should only be enforced by a very specific set of non-human identities or workloads from differing environments using different resources and credentials.
resource sets from aembit
When creating a Resource Set, simply click the roles you’d like to add.
resource sets roles
Filtering, viewing, and creation are all possible for a specific Resource Set. This can be quickly accessed via the global dropdown on each page. Below we show the ‘Dashboard’ view with ‘Default’ and all other Resource Sets available for filtering.

Resource Sets creation and management are available using Aembit APIs for organizations that are automating or integrating with their CI/CD platform. Logging and reporting also have Resource Sets tagged so that other tools can filter by known values like QA, staging, and prod, as shown in the example above.

To learn more about Resource Sets, check out https://docs.aembit.io/administration/resource-sets/overview or visit aembit.io.

You might also like

As organizations emphasize safeguarding non-human identities, you must balance immediate security measures with long-term oversight and compliance.
Sticky note security now plagues application and service connections, necessitating a shift to more mature workload access safeguards.
Security teams can enhance business operations by providing workload credential management as a service, freeing developers to focus on innovation.