Users & Access

RBAC - Managing Team Members and User Access in CloudCapsule

Cloud Capsule's RBAC lets you control which team members can log in, which tenants they can access, and what actions they can perform. This article covers login access, adding users, creating groups, and managing permissions.

Analyze Manage

Step 1: Configure User Login Access

  1. Navigate to Admin in the left sidebar and select the Users tab.
  2. Use the Allow all users from my organization to login toggle to set your preferred access mode:
    • On: Any user from your organization's Microsoft 365 tenant can log in to Cloud Capsule.
    • Off: Only users you manually add will have access. Use this setting if you want to control access on a per-user basis.

Step 2: Add a User Manually

If the organization-wide toggle is off, you will need to add users individually.

  1. Navigate to Admin > Users.
  2. Click the Add User icon.
  3. Enter the user's email address.
  4. Configure their access level:
    • Tenant Admin on: The user has full access to all tenants and admin functions.
    • Tenant Admin off: The user can only access tenants through assigned groups. Toggle this off to expand the group assignment options.
  5. If Tenant Admin is off, select the groups you want the user to belong to using the Add to group dropdown.
  6. Click Add User to save.

Step 3: Create Groups

Groups allow you to define which tenants a set of users can access and what they can do within those tenants.

  1. Navigate to Admin > Users and select the Groups sub-tab.
  2. Click the + button in the upper-right corner to create a new group.
  4. Enter a descriptive Group Name.
  5. Assign tenants to the group by moving them from Available Tenants to Assigned Tenants. Users in this group will only see the tenants listed under Assigned Tenants.
  6. Set permissions for the group. You can combine permissions as needed:
    • Full Control: All actions within assigned tenants, except access to the Admin page.
    • Annotate: Add comments, override vendor controls, and manage Breakglass Users and exclusions.
    • Refresh: Refresh assessment data for assigned tenants.
    • Share: Enable client logins via shareable links.
    • Manage (Coming Soon): Quick fixes, disable/add users, and deploy policies and configurations.
  7. Click Save when finished.

To edit or delete a group, click into it from the Groups list, make your changes, or click the red Trash icon to remove it.

Step 4: Assign Groups to Users

  1. Navigate to Admin > Users and select the user you want to configure.
  2. Confirm the Tenant Admin toggle is off. Groups cannot be assigned while Tenant Admin is enabled.
  3. Use the Available Groups and Assigned Groups buckets to move groups into the user's assigned access. A user can belong to multiple groups.
  4. To remove a group from a user, move it back to Available Groups.
  5. Click Save.

Managing Existing Users

To enable or disable a user's access at any time:

  1. Navigate to Admin > Users and select the user.
  2. Use the Enabled toggle in the top-right of the user detail view to turn their access on or off.

What Users See with RBAC Enabled

  • Users will only see the tenants included in their assigned groups.
  • Users will only be able to perform actions that match their group permissions.
  • Users without Tenant Admin access will not see the Admin page.

When to Contact Support

If you are experiencing issues adding users or configuring group permissions, please contact support.

Email: support@cloudcapsule.io In-app: Navigate to Support and open a new ticket.