Role Based Access Control (RBAC)
Role Based Access Control (RBAC) is a policy neutral access control mechanism defined around roles and privileges. The components of RBAC such as role-permissions, user-role and role-role relationships make it simple to perform user assignments.
RBAC Components
Roles
A role is a collection of permissions that can be assigned to users. Roles can be assigned to users, and users can have multiple roles.
Within Helix, there are several predefined roles, such as Administrator, Dispatcher, and Responder. These roles have a set of permissions associated with them, which are granted to users who are assigned to the role.
It is recommended that you create your own roles for specific use cases, rather than modifying the predefined roles.
Permissions
Permissions are the individual rights that are granted to users. These permissions are assigned to roles, and users inherit the permissions of the roles they are assigned.
Permissions generally relate to a specific feature within Helix, such as the ability to add a remark to an incident, update incident grading/priorities and modify resources, etc.
Dynamic Role Membership
In large or complex organisations, it is usually impractical to manually assign and keep track of various user roles, especially in environments where a user may perform multiple jobs (e.g. a responder who is trained as a dispatcher).
Dynamic role membership allows you to assign roles to users based on their Single-Sign On (SSO) group membership. This means that users who are members of a specific group in your SSO provider will automatically be assigned a specific role in Helix.
Entra ID
For users signed in via ADFS or Azure AD, Helix can be configured to use Entra group membership claims to assign roles. These are updated when a user logs in to the system and are used to determine the roles that the user should have.
More documentation on this feature will be available soon.
Discord
For users signed in via Discord, Helix can be configured to use Discord roles to assign roles. These are updated when a user logs in to the system and are used to determine the roles that the user should have. Additionally, the Helix Discord bot (if authorised in your Discord server) can monitor membership role changes and apply them in near-realtime within Helix.
This integration is two-way, meaning that supervisors can update user roles within Helix (provided a Discord user is linked to the Helix account) and the changes will be reflected in Discord. This feature must be enabled by a Global Administrator in your Helix organisation.