Role-Based Access Control
AuroraSOC implements RBAC with five roles and granular permissions. Every API endpoint, dashboard page, and agent action checks permissions before execution.
Role hierarchy
Roles
Admin
Full system access. Manages users, roles, permissions, system configuration, and all security operations. Can create and revoke API keys and modify approval policies.
Analyst
Primary security operations role. Can triage alerts, investigate cases, run threat hunts, approve or reject agent actions, manage playbooks, and generate reports.
Operator
Operational tasks, without the full investigation scope of an Analyst. Can view alerts and cases, run pre-approved playbooks, manage CPS devices, and handle facilities-related dashboards.
Viewer
Read-only access to dashboards, alerts, cases, and reports. Cannot modify data or trigger actions. Suitable for management and audit roles.
API Service
Programmatic access for integrations. Scoped to the permissions assigned to the specific API key. Cannot log into the dashboard interactively.
Permission model
Each role maps to a set of permissions enforced at the middleware layer. The permission taxonomy is code-generated from a central schema to keep the API, dashboard, and agent layer in sync.
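The following is an added example, not AuroraSOC's own code, showing the pattern described above and the five roles listed earlier: a single permission schema acts as the source of truth, the role-to-permission map is derived from it, an API Service principal gets only the scopes attached to its key and cannot use an interactive session, and a middleware-style decorator performs the check before a handler runs. Every permission name, role string, and function here is an illustrative assumption; the real taxonomy is whatever the project's central schema generates.

```python
"""Illustrative RBAC enforcement modelled on the page's description.
Added example: roles, permission names and helpers are assumptions,
not AuroraSOC identifiers."""
import functools
import json
from dataclasses import dataclass
from enum import Enum
from typing import Callable, FrozenSet


class Permission(str, Enum):
    """Central permission schema: the one place identifiers are defined.
    The API, dashboard and agent layer all import from here, which is the
    property the page's code generation step provides (assumed names)."""
    ALERTS_READ = "alerts:read"
    ALERTS_TRIAGE = "alerts:triage"
    CASES_READ = "cases:read"
    CASES_INVESTIGATE = "cases:investigate"
    HUNTS_RUN = "hunts:run"
    ACTIONS_APPROVE = "actions:approve"
    PLAYBOOKS_MANAGE = "playbooks:manage"
    PLAYBOOKS_RUN_PREAPPROVED = "playbooks:run_preapproved"
    CPS_MANAGE = "cps:manage"
    REPORTS_READ = "reports:read"
    REPORTS_GENERATE = "reports:generate"
    USERS_MANAGE = "users:manage"
    APIKEYS_MANAGE = "apikeys:manage"
    POLICIES_MANAGE = "policies:manage"


READ_ONLY: FrozenSet[Permission] = frozenset(
    {Permission.ALERTS_READ, Permission.CASES_READ, Permission.REPORTS_READ}
)

# Role -> permission set, derived from the schema above. "api_service" is
# deliberately absent: its permissions come from the API key, not the role.
ROLE_PERMISSIONS = {
    "admin": frozenset(Permission),  # full system access
    "analyst": READ_ONLY | {
        Permission.ALERTS_TRIAGE, Permission.CASES_INVESTIGATE,
        Permission.HUNTS_RUN, Permission.ACTIONS_APPROVE,
        Permission.PLAYBOOKS_MANAGE, Permission.REPORTS_GENERATE,
    },
    "operator": READ_ONLY | {
        Permission.PLAYBOOKS_RUN_PREAPPROVED, Permission.CPS_MANAGE,
    },
    "viewer": READ_ONLY,
}


@dataclass(frozen=True)
class Principal:
    subject: str
    role: str
    key_scopes: FrozenSet[Permission] = frozenset()  # used only by api_service
    interactive: bool = True  # True for a dashboard session, False for an API call


class PermissionDenied(Exception):
    pass


def effective_permissions(p: Principal) -> FrozenSet[Permission]:
    """API keys are scoped individually; every other role uses the static map.
    An unknown role resolves to no permissions (deny by default)."""
    if p.role == "api_service":
        return p.key_scopes
    return ROLE_PERMISSIONS.get(p.role, frozenset())


def authorize(p: Principal, required: Permission) -> None:
    """Middleware check: raise unless the principal holds `required`."""
    if p.role == "api_service" and p.interactive:
        raise PermissionDenied("API service principals cannot log in interactively")
    if required not in effective_permissions(p):
        raise PermissionDenied(f"{p.subject} ({p.role}) lacks {required.value}")


def is_allowed(p: Principal, required: Permission) -> bool:
    try:
        authorize(p, required)
        return True
    except PermissionDenied:
        return False


def requires(permission: Permission) -> Callable:
    """Decorator applied to endpoints, dashboard views and agent actions so
    the check runs before the handler body, never inside it."""
    def decorator(handler: Callable) -> Callable:
        @functools.wraps(handler)
        def wrapped(principal: Principal, *args, **kwargs):
            authorize(principal, permission)
            return handler(principal, *args, **kwargs)
        return wrapped
    return decorator


@requires(Permission.ACTIONS_APPROVE)
def approve_agent_action(principal: Principal, action_id: str) -> str:
    return f"{action_id} approved by {principal.subject}"


def export_schema() -> str:
    """Emit the role/permission map as JSON, the artefact a generator would
    hand to the dashboard and agent layer so all three stay in sync."""
    return json.dumps(
        {role: sorted(perm.value for perm in perms)
         for role, perms in ROLE_PERMISSIONS.items()},
        indent=2, sort_keys=True,
    )


if __name__ == "__main__":
    print(export_schema())
    print(approve_agent_action(Principal("alice", "analyst"), "act-1"))
```

The two checks that matter most in practice are the deny-by-default behaviour for unknown roles and the rejection of interactive sessions for API Service principals; both belong in the middleware rather than in individual handlers so a newly added endpoint cannot forget them.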