
Role-Based Access Control (RBAC)

Bintu API v1.23.0.0

With the Bintu API v1.23.0.0 we introduced a role-based access control system in Q3/2024.

Concept and Benefits

  1. Enhanced Security:

    • Ensuring Appropriate Permissions: RBAC ensures that users and API access tokens are granted only the permissions needed for their tasks, minimizing potential security risks. This improves your account security and protects your organization's operations.
  2. Easy to Administer:

    • Simplified User Management: RBAC allows administrators to assign roles to users rather than managing individual permissions. By assigning predefined roles based on job functions, tasks, or responsibilities, administrators can easily grant access to resources by simply choosing the appropriate role for a user.
    • Centralized Permission Management: By managing permissions at the role level, rather than at the individual user level, RBAC reduces the number of decisions and changes an administrator must make. This centralized approach minimizes errors and inconsistencies in access controls.
  3. Improved Visibility/Overview of User Permissions:

    • Clear Permission Structures: RBAC provides a clear structure of roles and their associated permissions. This makes it easier for administrators to understand who has access to what resources and why, facilitating audits and compliance checks.
    • Simplified Reporting and Auditing: Since roles aggregate multiple permissions, generating reports on user access becomes more straightforward. This visibility is crucial for maintaining security, identifying potential issues, and demonstrating compliance with regulations.

Getting started

User Roles Update: No Action Needed

With the Bintu API v1.23.0.0 release introducing user roles, all users will retain their current permissions, now equivalent to the nanoAdmin role. Therefore, no immediate action is required from organizations.

Implementing Role-Based Access Control (RBAC) in your organization is a straightforward process that enhances security and simplifies user management. The following guide will walk you through the initial steps to configure user roles and manage permissions effectively.

1. Understanding Role Assignments

Before assigning roles, complete the following steps:

  1. Begin by reviewing the predefined roles in nanoStream Cloud to understand the basic access levels and permissions available. For an in-depth look at the permissions associated with each role, check out the High-level Permission Overview.
  2. Learn how to manage roles within the dashboard by following the dedicated Features & Function User Management page.

2. Evaluate and Assign Roles

Assess the responsibilities of each user within your organization and assign the appropriate role:

3. Monitor and Enforce Access Control

It’s important to monitor user access and enforce RBAC policies consistently:

  • Consider replacing static API keys with user-bound and expiring API tokens for enhanced security.
  • Regularly review the permissions and roles assigned to users to ensure they align with current responsibilities and security requirements.
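A periodic role review can be scripted. The sketch below is an added example, not part of the nanoStream documentation: it compares each user's assigned role with the role planned for their job function and reports accounts that hold more access than intended. The role names and their ordering follow the role table on this page; the record fields (`email`, `permission`) and the sample data are assumptions, not the actual `GET /user` response schema.

```python
# Added example: least-privilege review of role assignments.
# Role ordering follows the documented access levels (Low < High < Highest).
# The record fields "email" and "permission" are assumed for illustration;
# they are not the real GET /user response schema.
RANK = {"nanoReadOnly": 0, "nanoUser": 1, "nanoAdmin": 2}


def review_roles(users, intended):
    """Compare assigned roles with the role each person's job requires.

    users:    list of {"email": ..., "permission": ...} records
    intended: {email: role} plan agreed with the team
    Returns a sorted list of (email, finding, detail) tuples.
    """
    findings = []
    for user in users:
        email = user["email"]
        actual = user.get("permission")
        if actual not in RANK:
            findings.append((email, "unknown-role", str(actual)))
            continue
        wanted = intended.get(email)
        if wanted is None:
            # Account exists but no role was planned for it (stale or forgotten).
            findings.append((email, "unplanned-account", actual))
        elif wanted not in RANK:
            findings.append((email, "invalid-plan", str(wanted)))
        elif RANK[actual] > RANK[wanted]:
            findings.append((email, "over-privileged", f"{actual} -> {wanted}"))
        elif RANK[actual] < RANK[wanted]:
            findings.append((email, "under-privileged", f"{actual} -> {wanted}"))
    return sorted(findings)


# Constructed sample: the state right after the v1.23.0.0 upgrade, where every
# existing user holds permissions equivalent to nanoAdmin.
SAMPLE_USERS = [
    {"email": "ops-lead@example.com", "permission": "nanoAdmin"},
    {"email": "operator@example.com", "permission": "nanoAdmin"},
    {"email": "dashboard-tv@example.com", "permission": "nanoAdmin"},
    {"email": "former-contractor@example.com", "permission": "nanoAdmin"},
]
INTENDED = {
    "ops-lead@example.com": "nanoAdmin",
    "operator@example.com": "nanoUser",
    "dashboard-tv@example.com": "nanoReadOnly",
}

if __name__ == "__main__":
    for email, finding, detail in review_roles(SAMPLE_USERS, INTENDED):
        print(f"{finding:18} {email:32} {detail}")
```

Each `over-privileged` finding is a candidate for a role change by a nanoAdmin, and each `unplanned-account` finding is a candidate for removal or an explicit role decision.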

User Roles in nanoStream Cloud


nanoStream Cloud Dashboard Instructions

To learn more about user management using the dashboard, click here.

Three predefined roles are available to manage user permissions within an organization: nanoAdmin, nanoUser and nanoReadOnly. Each role grants specific access rights tailored to different needs.

| User Role | Responsibility | Access Level | Permissions |
|---|---|---|---|
| nanoAdmin | The Administrator | Highest | Has full control over all functions within the organization, including managing user roles and issuing new tokens to disable existing ones. Is the only role with access to user management and the API Key. |
| nanoUser | The Operator | High | Can perform all tasks related to stream management and operations, except for changes that could disrupt operations, such as deleting or stopping streams or changing critical settings. |
| nanoReadOnly | The Observer | Low | Has read-only access to basic information such as stream configuration, stream states, metrics and alerts. |

More Info

For a detailed overview of each role's permissions, refer to the High-level Permission Overview.

API Endpoints

Bintu API Endpoints

| Operation | Route | Description | Access Level | Dedicated docs |
|---|---|---|---|---|
| PUT | /user/permission | Update the user role of a user in your organization | nanoAdmin | More info |
| PUT | /user/tokenkey | Renew a user tokenkey to invalidate previously created API tokens | nanoAdmin | More info |
| GET | /permission | Get the available endpoints valid for a given permission (by name) | nanoAdmin | More info |
| GET | /permission/list | List available roles and the associated permissions for your organization | nanoAdmin, nanoUser | More info |
| GET | /user | Displays the permission of users and an internal identifier (enhanced existing endpoint) | nanoAdmin, nanoUser | More info |

Token API Endpoints

| Operation | Route | Description | Access Level | Dedicated docs |
|---|---|---|---|---|
| POST | /bintu/token | Create an API token for the Bintu services | nanoAdmin | More info |

High-level Permission Overview

API Access

Capability | nanoAdmin | nanoUser | nanoReadOnly
Get API Key
Get Player Key
Get User API Token

Webhook Management

Capability | nanoAdmin | nanoUser | nanoReadOnly
Set Custom Webhook

User Management

Capability | nanoAdmin | nanoUser | nanoReadOnly
Get Users
Create User
Invite User
Edit User
Reset User API Tokens
Delete User

Stream Management

Capability | nanoAdmin | nanoUser | nanoReadOnly
Get Streams
Create Stream
Stop stream
Lock stream
Unlock stream
Delete stream

Tag Management

Capability | nanoAdmin | nanoUser | nanoReadOnly
Get Tags
Create Tag
Edit Tag
Delete Tag

Playback & Monitoring

Capability | nanoAdmin | nanoUser | nanoReadOnly
Create Playback Token
Get Metrics and Alerts