Redox logo

Redox is introducing role-based access control (RBAC)

Nov 16, 2023

What’s role-based access control?

With role-based access control, you will have more control over user access in your Redox organizations to:

  • Mitigate the risk of leaking sensitive data, like PHI, by making sure that only relevant users can access this kind of data.

  • Reduce the chances of breaking changes by controlling who can make changes or what changes users can make in their organization's settings and configuration.

  • Enforce observance of any relevant internal or external security and compliance policies.

You can now control which users manage your Redox organization, as well as who can access data or make processing and connectivity changes on an environment-by-environment basis.

Redox platform users will each be assigned roles both at the organization and the environment level, with one role assignment for each environment they have access to. The user’s assigned role determines what they can see and do in an environment.

Roles are predefined with certain access and permissions. When a user is assigned a role, they gain the access and permissions defined for that role. Learn how to manage access and review available roles below.

New roles

Organization roles

A user may only be assigned one organization role at a time which determines their capabilities and access at the organization level.

1 - Redox is introducing role-based - rbac-organization-roles-1024x519.jpg
Role-based access control - Organization roles chart

Environment roles

An environment role determines the capabilities and access a user has within an environment. A user isn't required to have an environment role in every environment (in which case they won’t have access to that environment), but if they do, they may only have one within each environment.

2 - Redox is introducing role-based - rbac-environment-roles-1024x684.jpg
Role-based access control - Environment roles chart

When is this happening?

Access Control will launch and be available in December 2023. We’ll make another announcement in early December when the launch date is set. This is an early release announcement to allow you to prepare for the upcoming changes. Reach out to your Redox Technical Account Manager with any questions.

What do I have to do to migrate?

We’ll migrate current users in your Redox organization for you, prior to launch, to their new roles based on their current permission settings in their Redox organization:

Organization role migration

Current owner flag

New organization role assignment

Owner

Owner

Non-Owner

Member

Environment role migration

Current PHI access flag

New development role assignment

New staging role assignment

New production role assignment

PHI access

Engineer

Engineer

Engineer

No PHI access

Engineer

Engineer

Observer


Engage with Redox