Automating Role-Based Access Control Assignments in ShiftLeft CORE – Security Boulevard

Posted: September 10, 2021 at 5:25 am

In this article, we'll cover how you can automate role-based access control (RBAC) assignments in ShiftLeft CORE. You can sign up for a free ShiftLeft CORE account and try this out for yourself.

ShiftLeft CORE's role-based access control (RBAC) feature allows you to manage applications, teams, and roles via its API. This is helpful for administrators overseeing multiple teams, each with developers working on different projects, since they no longer have to manage access control on a per-developer basis. Here is a link to our RBAC documentation.

From my experience as a Customer Success Engineer, many people want to apply RBAC to their applications' security findings. For example:

Managing these different needs, however, can be challenging.

When you have a variety of roles, each requiring a specific set of permissions, role-based access control is useful. RBAC allows organizations to roll out users, groups, and teams in bulk while ensuring that each person has the permissions they need (and nothing more).

In addition to UI-based management, CORE's role-based access control (RBAC) feature allows the management of applications, teams, and roles via its API. This is helpful for administrators overseeing multiple teams, each with developers working on different projects, since they no longer have to manage access control on a per-developer basis.

However, I thought this process could be simpler. To that end, I created a script that automates several processes related to role-based access control. The script performs a bulk operation using a CSV file of users, teams, organization roles, and team roles, updating the ShiftLeft users as specified. With this script, organizations can easily map users, roles, and teams in bulk. The API documentation can be found here.

The RBAC automation script is available on GitHub; you may find it helpful to refer to the repo during the subsequent portions of this article, which explain how the script works.

To run the automation script, you will need both your ShiftLeft Access Token (this is your Personal Access Token, not your CI Token) and your Organization ID.

The script accepts a CSV file as input (note that the inputs are case-sensitive). Each row in the file defines:

The script works by searching for each user in ShiftLeft, then updating their team, organization role, and team role as defined in the CSV (if the team to which they should be assigned does not exist, ShiftLeft will create it).

It's important to note, however, that the users being updated should already be verified users, either through an email invite or from just-in-time SSO provisioning (seats are limited in this case, however).

Finally, to use the script, run python3 main.py in the terminal from the root of the directory where you have saved the script.
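The procedure above (parse a case-sensitive CSV, look each user up, create a missing team, set the organization and team roles, and skip users who are not yet verified) is shown below as an added, self-contained example. It is not the script from the GitHub repo and it does not call ShiftLeft's real API: the FakeRbacApi class is an in-memory stand-in whose four methods are assumptions that a real run would replace with HTTP calls, and the CSV column names, the role vocabularies, and the sample users are all constructed for illustration.

```python
import csv
from dataclasses import dataclass, field

# Constructed sample input (not from the post). Column names and the role
# vocabularies below are assumptions, not ShiftLeft's documented values.
SAMPLE_CSV = """email,team,org_role,team_role
alice@example.com,Payments,Admin,Team Admin
bob@example.com,Payments,Member,Member
carol@example.com,Platform,Member,Viewer
dave@example.com,Platform,Member,Member
eve@example.com,Payments,Member,Member
"""
REQUIRED_COLUMNS = ("email", "team", "org_role", "team_role")
VALID_ORG_ROLES = {"Admin", "Member"}                  # assumed, case-sensitive
VALID_TEAM_ROLES = {"Team Admin", "Member", "Viewer"}  # assumed, case-sensitive


@dataclass
class User:
    email: str
    verified: bool                      # accepted an invite or SSO-provisioned
    org_role: "str | None" = None
    team_roles: dict = field(default_factory=dict)


class FakeRbacApi:
    """In-memory stand-in for the vendor RBAC API (hypothetical). A real run
    would swap these four methods for HTTP calls; apply_assignments() is unchanged."""

    def __init__(self, users: list, teams: list):
        self.users = {u.email: u for u in users}
        self.teams = set(teams)

    def find_user(self, email: str) -> "User | None":
        return self.users.get(email)

    def ensure_team(self, name: str) -> bool:
        """Create the team if missing; True means it was just created."""
        created = name not in self.teams
        self.teams.add(name)
        return created

    def set_org_role(self, user: User, role: str) -> None:
        user.org_role = role

    def set_team_role(self, user: User, team: str, role: str) -> None:
        user.team_roles[team] = role


def parse_assignments(text: str) -> list:
    """Validate every row before any API call, so a typo such as 'admin'
    (inputs are case-sensitive) fails loudly instead of half-applying."""
    reader = csv.DictReader(text.splitlines())
    missing = [c for c in REQUIRED_COLUMNS if c not in (reader.fieldnames or [])]
    if missing:
        raise ValueError(f"missing columns: {missing}")
    rows = []
    for n, row in enumerate(reader, start=2):          # line 1 is the header
        row = {k: (v or "").strip() for k, v in row.items()}
        if not row["email"] or not row["team"]:
            raise ValueError(f"line {n}: email and team are required")
        if row["org_role"] not in VALID_ORG_ROLES:
            raise ValueError(f"line {n}: unknown org_role {row['org_role']!r}")
        if row["team_role"] not in VALID_TEAM_ROLES:
            raise ValueError(f"line {n}: unknown team_role {row['team_role']!r}")
        rows.append(row)
    return rows


def apply_assignments(api: FakeRbacApi, rows: list) -> dict:
    """Look each user up, create the team if needed, then set both roles.
    Unknown and unverified users are reported, not silently dropped."""
    report = {"updated": [], "skipped_unverified": [], "unknown_user": [], "teams_created": []}
    for row in rows:
        user = api.find_user(row["email"])
        if user is None:
            report["unknown_user"].append(row["email"])
            continue
        if not user.verified:                # invite pending: nothing to assign to
            report["skipped_unverified"].append(row["email"])
            continue
        if api.ensure_team(row["team"]):
            report["teams_created"].append(row["team"])
        api.set_org_role(user, row["org_role"])
        api.set_team_role(user, row["team"], row["team_role"])
        report["updated"].append(row["email"])
    return report


def demo() -> dict:
    # Constructed directory: carol has not accepted her invite; eve does not exist.
    api = FakeRbacApi(
        users=[User("alice@example.com", True), User("bob@example.com", True),
               User("carol@example.com", False), User("dave@example.com", True)],
        teams=["Payments"])
    return apply_assignments(api, parse_assignments(SAMPLE_CSV))


if __name__ == "__main__":
    print(demo())
```

Validating the whole file before the first write is the design point worth keeping when wiring this to a real API: a bulk RBAC run that stops halfway leaves some users with new roles and others without, and the report dictionary is what lets an administrator reconcile who was changed, who was unknown, and who still needs to accept an invite.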

RBAC is helpful for managing access control en masse, and ShiftLeft's API allows you to take advantage of automation to make that management easier while minimizing the potential for mistakes during the assignment process.

If you are interested in learning more about RBAC implementation at ShiftLeft, please check out this article.

You can sign up for a free ShiftLeft CORE account and try this out for yourself.

Automating Role-Based Access Control Assignments in ShiftLeft CORE was originally published in ShiftLeft Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

*** This is a Security Bloggers Network syndicated blog from ShiftLeft Blog - Medium authored by Davis Barillas. Read the original post at: https://blog.shiftleft.io/automating-role-based-access-control-assignments-in-shiftleft-core-aea776f23543?source=rss----86a4f941c7da---4
