Early Adopters: First 20 receive 20% off with 1 year technical support.

Global Protocol

Access Control (RBAC)

RogueDB utilizes a centralized Role-Based Access Control engine. Manage cluster permissions globally via the customer security vault portal or programmatically through the native CRUD API channel.

1. The Role Schema

Roles serve to centralize permissions for users to reduce maintainence. These roles use User API keys to standardize management.

The Role Message

A Role defines a set of permissions to apply to all Users assigned to it.

Protobuf

message Role {
    string name = 1;
    repeated string users = 2;         // List of user API Keys.
    map<string, Permission> permissions = 3; 
    Authorization authorization = 4;   // Granular resource constraints
    bool admin = 5;                    // Full system access
    bool monitor = 6;                  // Read-only resource monitoring access
}

2. Automatic Policy Propagation

Any modifications to a role automatically propagate to all users. Any new incoming connections enforce the changes.

Intuitive Architecture

Roles operate the same way as individual User management with permissions, authorizations, and admin/monitor flags. The only difference is a name and a list of assigned Users.

Dynamic Membership

Adding or removing users applies the associated permission changes and enforces for all new connections.

Clean Revocation

Modifying, deleting, and creating a role automatically grants and revokes permissions for assigned Users with a secure default of no permissions.

3. Code Example

Roles can be updated via the CRUD API to automate onboarding and offboarding.

C++

Python

Go

JavaScript

C#

Java

// Example: Use CRUD API to manage users.
rogue::services::Insert request{};
request.set_api_key(API_KEY);
rogue::services::Registry& registry{ *request.add_messages() };
rogue::services::Role& role{ *registry.mutable_role() };

role.set_api_key("UUIDv4");
role.set_name("internal_name");
role.add_users("user_api_key");
(*role.mutable_permissions())["Test"] = rogue::services::Permission::READ_WRITE;
(*role.mutable_permissions())["User"] = rogue::services::Permission::READ;
role.set_authorization(rogue::services::Authorization::PII_FINANCIAL_INTERNAL_SENSITIVE_CRITICAL);
role.set_admin(false);
role.set_monitor(false);

Note: All C# and Java examples are untested and generated with Gemini based on other language examples. Validation planned for Q3 based on bandwidth. Validated contributions welcome at support@roguedb.com.

See User Management and Schema Change sections for additional details.

Admin vs. Monitor

The admin flag bypasses granular permission checks. The monitor flag is required for users to access the Monitor API.

Secure Your Fleet

Configure your first role to begin delegating access to your organization.