Restrict Access to Admin Portal using RBAC

Written by Daniel Fay on October 16, 2020

Share This Article

IT teams are composed of lots of different titles, roles, jobs, and tasks. Giving all members full administrative access is likely not conducive to security or job role. The ability to control which member of the IT team has access to different levels of access may be a requirement for security compliance, workflow, or job scope. With JumpCloud®’s new release of Role Based Access Control (RBAC), administrators now have an easy way to implement scope of access within pre-configured roles for their IT team members. 

The Scoop on Scopes

JumpCloud provides organizations with the ability to implement Zero Trust security practices through groups, configurations, access controls, and more within its cloud directory platform. IT teams using JumpCloud previously either had full access or none. By looking at access in scopes, we can target common roles that IT teams may need to assign in order to implement a practice of least privilege. The first version of RBAC will allow IT teams to assign specific roles with scopes of access to help restrict portions of the platform. 

Organizations who may have larger teams or stricter security requirements need options to ensure that their team members have access to only the items they would need to manage. With this first iteration of RBAC in JumpCloud, Administrator accounts can be assigned the following new roles: Manager, Help Desk, and Read Only. 

Each of the roles has different capabilities within JumpCloud’s Admin Portal. We’ll define each of these new roles below and their scopes of access. 

Scopes, Roles, & Access

ScopesManagerHelp DeskRead Only
CommandsFull AccessReadRead
Directory InsightsReadReadRead
GroupsFull AccessReadRead
MDMFull AccessReadRead
SupportFull AccessFull AccessRead
System InsightsReadReadRead
SystemsFull AccessReadRead
UsersFull AccessFull AccessRead


Admins with the manager role assignment can manage devices, groups, and users but have read-only access to all other scopes. Typically, managers would be in charge of onboarding and offboarding users or granting access in assistance to help desk staff. Managers could also assist in deciding the structure, nomenclature, and organization of the users, groups, and systems within the environment. Examples of how the manager role could be used in a real-world scenario could include: 

  • IT admin in charge of onboarding new users
  • IT admin in charge of 2nd tier of IT helpdesk support: including granting access

Help Desk

Help Desk admins could handle general tasks within the environment and JumpCloud organization. Primary access allows visibility of data, configurations, and perform rudimentary tasks. Some of these tasks could include password resets, unlock users, check access levels, and troubleshoot issues. This person is the first line of defense for the IT org, but is not empowered to make many changes to systems, applications, or any of the other critical resources without either a Manager or Administrator’s assistance. 

Read Only

The most restrictive of the Administrative roles is Read Only. Typical uses for a read only account could be used for auditing, scripts, or pulling data for auditing. Examples of implementing a read-only account could be the following:

  • A third-party auditor needs admin console access to assess compliance
  • In-house security auditor needs admin console access to assess compliance
  • A headless account serving scripts to pull data out of JumpCloud via API. API commands executed by this role would only have read-only visibility thus limiting the actions the script or executor could action. 

Least Privilege – Most Secure Approach

JumpCloud’s directory platform natively implements a least-privilege approach when it comes to users and with the new Administrator RBAC release, this ability is extended to the IT teams managing the JumpCloud organization. By scoping team members roles to the duties and objects they need access to, organizations can eliminate potential risks of accidental changes or access. 

Try JumpCloud Free

Evaluate JumpCloud Free today to see why 100,000+ organizations trust JumpCloud to help secure and easily manage their resources. With JumpCloud Free, you receive up to 10 users and 10 systems, as well as 10 days free of premium in-app chat support to help you explore the entirety of the platform.

Continue Learning with our Newsletter