What is RBAC and why have it?
One of the most common requests we've gotten is to define a user that has access to the Jamf Protect console but cannot make any changes to your environment. This concept is often referred to as an audit user: someone to “Watch the Watchers” and ensure that security operations are performed correctly. However, this is really just one role that an authorized user may need to play within the Jamf Protect console. This brings us to something called RBAC.
Wikipedia defines RBAC as “an approach to restricting system access to authorized users.” What it boils down to is that you want to be able to control who can access your sensitive systems (such as Jamf Protect) and what they can do within that system once they have access, based on the role that your user plays in your organization.
As of today, Jamf Protect’s console has RBAC as an option to create audit users. So the next time someone needs to verify who made a change to Jamf Protect, you can give them access to verify the information without exposing your environment to the potential for unexpected changes by an unauthorized user.
Screenshot of the user account list in Jamf Protect.
But we went further. Do you want to give someone access only to the Insights dashboard? How about granularly restricting who in your security team can modify the analytics that trigger alerts, while still permitting your full team to investigate security incidents? With RBAC in Jamf Protect, you can now define groups of users that have specific read or write capabilities for each individual page in the Jamf Protect console, creating the roles your workflows require. If you leverage our SSO capabilities with your identity provider, you can take it even further by syncing users' group membership with roles in Jamf Protect.
Screenshot of granular permissions being configured for a user account in Jamf Protect.
Simple alert management through email
Do you need to centrally manage security alerts raised by Jamf Protect, but don’t want to be tied to the console all day? Or maybe you’re not ready to integrate Jamf Protect alerts into your broader managed ticketing system. As of today, Jamf Protect can simply send you an email.
When Jamf Protect raises an alert, the system will automatically send an email with a list of new alerts to the email address configured to receive them. If it’s a single alert, you’ll get all the standard info such as:
- What device was affected?
- When was the suspicious or malicious activity registered?
- What caused the alert?
- And of course, a description of what the alert means.
Screenshot of a detected alert generated by a device in Jamf Protect.
But what if you have multiple alerts in a short period of time? Jamf Protect will simply collect all of these alerts into a table that can easily be scanned.
And of course, you can always get back to the actual alert in the console from the email you received.
Now you can receive Jamf Protect alerts in your email if that fits your workflow.