Guides
Start typing to search…

Role-Based Access Control

The Censys Platform uses role-based access control (RBAC) to provide granular access control for users and resources. This document explains the various roles, their permissions, and how relationships to resources enhance functionality and security.

Core roles and permissions

Admin

Admins have the highest level of permissions within an organization.

Capabilities

  • Manage account settings, billing, and Collections webhook integrations. (Collections coming soon)
  • Invite, edit, and remove users.
  • Promote users to Admin roles.
  • Configure and manage SSO configurations.
  • Create, update, and delete integrations.
  • Grant Members access to integrations.

Member manager

Focused on user management tasks.

Capabilities

  • Invite new Member users to the organization.
  • Remove Member users from the organization.
  • Edit Member user metadata (such as email, name).
  • Assign non-admin roles to users.

Member

Default role for all users, with basic access permissions.

Capabilities

  • Access integrations if granted appropriate permissions.
  • Edit their personal account settings, including generating new API keys and deleting API keys.

Key features and functionality

Default relationships

  • Viewer Access to Global Search: All users can access Global Search by default.

Advanced capabilities

Integration management

  • Admins and Editors can perform the following actions for integrations:
    • View, edit, or delete Collections webhooks.

API key management

  • Users can generate multiple API keys.
  • Future roadmap includes token-specific scopes for enhanced security and limited permissions.

Audit and logging

  • Admins can view logs of user actions, including role changes, ensuring accountability.

Custom roles and permissions (coming soon)

  • Users will eventually be able to define custom roles with tailored permissions to meet unique organizational needs.

Best practices

  • Assign roles thoughtfully: Limit the Admin role to trusted users. Use Member Manager for delegated user management.
  • Use relationships: Leverage Viewer and Editor roles to control access without over-assigning permissions.
  • Review access regularly: Audit user access and role assignments to ensure security and compliance.
  • Secure integrations: Assign integration-related permissions only to those who manage connected workflows.

Updated about 11 hours ago