Enable RBAC Visibility for End Users by Roles

[tomvachon]

As an administrator of the system, I would like my end users to be limited in their visibility to the accounts which they are responsible for operating.

[markofu]

Hey @tomvachon,

I'm going to close this as this feature is already there. For example, in the Cloud Inquisitor UI:

• go to Roles, create the role that you want, e.g. Account1 & save
• go to Accounts, in Required Role (which is free-form) & add in the newly created role

I'm going to create a new feature to improve the workflow and documentation here. For example, one feature would be that the "required role" field auto-populates. See here.

[tomvachon]

@markofu I would argue this isn't an enhancement, this is a bug. RBAC isn't implemented if I can't block visibility. When they go to the front page, it errors our hard. They only way to fix that is to grant user, which grants view to all

[markofu]

Hey @tomvachon, ok that makes sense. I was not clear that, let's chat on Slack.

[tomvachon]

SO i think I have better info...

1. RBAC only works if every account has required roles set. Otherwise they pop up for the end-user. This makes sense but isnt clear.

2. RBAC is not applied into the reports views. I can see every single instance in Required Tags and Volume Audit; Instance Age does apply correct RBAC though