Early Adopters: First 20 receive 20% off with 1 year technical support.

RogueDB logo

RogueDB

DEVELOPERSENTERPRISEDOCSPRICING
DASHBOARD

Global Protocol

Access Control (RBAC)

RogueDB utilizes a centralized Role-Based Access Control engine. Manage permissions globally via the customer portal or programmatically through the CRUD API.

1. The Role Schema

Roles serve to centralize permissions for users to reduce maintainence. These roles use User API keys for seamless management.

The Role Message

A Role defines a set of permissions to apply to all Users assigned to it.

Protobuf

message Role {
    string name = 1;
    repeated string users = 2;         // List of user API Keys.
    map<string, Permission> permissions = 3; 
    Authorization authorization = 4;   // Granular resource constraints
    bool admin = 5;                    // Full system access
    bool monitor = 6;                  // Read-only resource monitoring access
}

2. Automatic Policy Propagation

Any modifications to a role automatically get propagated to all users and enforced with any new incoming connections.

Intuitive

Roles operate the same way as individual User management with permissions, authorizations, and admin/monitor flags. The only difference is a name and a list of assigned Users.

Dynamic Membership

Adding or removing users applies the appropriate permission changes and enforces for all new connections.

Clean Revocation

Modifying, deleting, and creating a role automatically grants and revokes permissions for assigned Users with a secure default of no permissions.

3. Code Example

Roles can be updated via the CRUD API to automate onboarding and offboarding.

C++

Python

Go

// Example: Use CRUD API to manage users.
rogue::services::Insert request{};
request.set_api_key(API_KEY);
rogue::services::Registry& registry{ *request.add_messages() };
rogue::services::Role& role{ *registry.mutable_role() };

role.set_api_key("UUIDv4");
role.set_name("internal_name");
role.add_users("user_api_key");
(*role.mutable_permissions())["Test"] = rogue::services::Permission::READ_WRITE;
(*role.mutable_permissions())["User"] = rogue::services::Permission::READ;
role.set_authorization(rogue::services::Authorization::PII_FINANCIAL_INTERNAL_SENSITIVE_CRITICAL);
role.set_admin(false);
role.set_monitor(false);

Admin vs. Monitor

The admin flag bypasses granular permission checks. The monitor flag is required for users to access the Monitor API.

Secure Your Fleet

Configure your first role to begin delegating access to your organization.

Configure Roles in Portal

On This Page

Introduction to RogueDB

How to Use These Docs

The Mental Model