Skip to main content
Altostrat SDX uses a flexible Role-Based Access Control (RBAC) model to ensure secure and organized collaboration. Access to all resources, such as sites and policies, is managed through a hierarchy of Users, Teams, and Roles.

The Access Control Model

Understanding these three components is key to managing your workspace effectively.
  • Users: An individual account. A user can be a full team member with login access or a notification-only recipient.
  • Teams: The primary containers for collaboration. All resources (sites, policies, etc.) belong to a team. A user must be a member of a team to access its resources.
  • Roles: Collections of permissions (scopes) that define what a user can do. Roles are assigned to users within a specific team.
In this example, both Alice and Bob are administrators in the “NOC Team” and can manage Sites A and B. Bob is also a member of the “Security Auditors” team, but with a “Read-Only” role, giving him different permissions in that context.

Managing Teams

Teams are the foundation of your workspace. You should create teams that align with your organizational structure or project responsibilities.

Creating a New Team

1

1. Navigate to Teams

In the SDX dashboard, go to Settings → Teams and click + Add Team.
2

2. Name Your Team

Provide a descriptive name, such as “Network Operations” or “Client XYZ Support”, and confirm. The team is now created, with you as the owner.

Switching Your Active Team

If you belong to multiple teams, use the team switcher in the main navigation to change your active context. This determines which team’s resources you are currently viewing and managing.

Managing Users and Team Membership

Once a team exists, you can add members and assign them roles.
1

1. Navigate to Team Members

Go to Settings → Teams, select the team you want to manage, and click on the Members tab.
2

2. Add or Invite a User

Click Add Member. You can now either:
  • Invite a new user by entering their email address. They will receive an invitation to join your team.
  • Add an existing Altostrat user by searching for their name or email.
3

3. Assign Roles

Select one or more Roles to grant the user permissions within this team. The “Administrator” role provides broad access, while other roles may be more limited.
You can create custom roles with specific permissions in Settings → Roles & Permissions.
4

4. Manage Existing Members

From the members list, you can edit a user’s roles or remove them from the team. To edit a user’s profile details (like their name or allow_login status), navigate to the global Settings → Users list.

User Types: Full Access vs. Notification-Only

When creating or editing a user, you can set their allow_login status. This creates two types of users:
  • Portal Users (allow_login: true): Full members who can log into the dashboard.
  • Notification-Only Users (allow_login: false): Cannot log in, but can be added as recipients in Notification Groups. Ideal for stakeholders who need alerts but not platform access.

Best Practices

Use the Principle of Least Privilege

Assign roles that grant users only the permissions they need to perform their job. Avoid giving everyone administrative access.

Prefer Disabling Over Deleting

If a user’s access needs to be revoked, it’s often better to disable their login (allow_login: false) or remove them from a team rather than deleting their account entirely. This preserves their activity history for auditing purposes.