Access Gate uses a role-based access control (RBAC) model to manage who can access the user interface and what actions they are allowed to perform. Roles define visibility, configuration rights, and administrative capabilities across the system.
This ensures users only see and modify what is relevant to their responsibilities, following the principle of least privilege.
Role-Based Access Control Overview
Access Gate provides five predefined roles, grouped into individual contributor roles and management roles. Roles control access to:
- UI pages and dashboards
- System and network configuration
- Asset and enclave management
- Compliance and reporting features
- User and site administration
Roles are enforced consistently across the UI and take effect immediately when assigned or modified.
Standard User Roles
Access Gate ships with five roles — three individual-contributor roles (scoped responsibilities) and two management roles (broader control). Management roles inherit all contributor permissions.
| Role | Category | Focus | Key Permissions |
|---|---|---|---|
| Security Analyst | Contributor | Monitoring & incident response | Dashboards, alerts, collection pipelines |
| Compliance Officer | Contributor | Compliance & reporting | Risk assessments, compliance reports |
| Network Administrator | Contributor | System & network config | Network settings, directory services, integrations |
| Line Manager | Management | Team-level administration | Asset/enclave management, scoped policies |
| Site Manager | Management | Organization-wide administration | Sites, users, roles, authentication, full config |
Expand any role below for the full permission set.
Security Analyst — monitoring & incident response
Designed for monitoring and incident response.
- Viewing security dashboards
- Monitoring alerts and events
- Configuring and managing collection pipelines
Compliance Officer — compliance & reporting
Focused on compliance tracking and reporting.
- Creating and managing risk assessments
- Accessing compliance dashboards
- Generating compliance reports and documentation
Network Administrator — system & network config
Responsible for system and network configuration.
- Modifying system settings
- Managing network configuration
- Configuring directory services (Active Directory / LDAP)
- Maintaining integration settings
Line Manager — team-level administration
Inherits all contributor permissions, plus:
- Managing assets and enclaves
- Updating access policies within assigned scopes
- Overseeing resources and configurations for their area
Site Manager — organization-wide administration
Highest-privilege role in the system. Inherits all other permissions, plus:
- Connecting and managing sites
- Full administrative access across the organization
- Managing users, roles, and authentication settings
- System-wide configuration and oversight
User Management
User accounts and access are managed through the Accounts tab in the Administration interface.
Adding Users
To add a new user:
- Navigate to Settings > Accounts
- Click Add Administrator
- Provide Name, Role & Security Level
- If using LDAP or OAuth, ensure the external ID matches the identity provider
- If using local authentication, set an initial password
- Save to create the account
Managing Existing Users
UI of the Admin user interface
Blocking Users
Blocking a user prevents login without deleting the account. To block a user, click on the last button in the Actions columns.
Blocked users retain their configuration history and audit records.
Modifying Roles
User roles can be changed at any time:
- Select the user in the Access list
- Update role assignments using the role selector
- Changes apply immediately
Authentication Methods
Access Gate supports both external and local authentication mechanisms.
External Identity Providers (LDAP / OAuth)
- Credentials are managed by the external provider
- Passwords cannot be changed in Access Gate
- External identifiers must match the configured authentication method
- Recommended for enterprise and multi-site deployments
Local Authentication
- Passwords stored locally on the Access Gate
- Argon2 hashing is used for secure storage
- Password complexity requirements are enforced
- Passwords are encrypted client-side before transmission
Default Administrative Access
During installation, a default admin user is automatically created with the Site Manager role. This ensures immediate access to the UI for initial configuration and user setup.
It is recommended to:
- Create named administrator accounts
- Limit use of the default admin account
- Regularly review administrative access
Security Best Practices
- Assign roles based on operational responsibility
- Minimize use of Site Manager privileges
- Block unused or inactive accounts instead of deleting them
- Regularly audit user roles and access rights
- Prefer external identity providers for centralized identity management