Admins
Oblique organizations include three default roles:
- Owner: Owns the Oblique organization, can perform all actions in Oblique, and receives all communications. Each Oblique organization has one owner.
- Admin: Manages the organization, including managing integrations, users, groups, resources, listings, and entitlements, and creating Oblique API keys.
- Member: Member of the organization. Members can become members of groups and have entitlements granting them access.
Objects can also have owners. Object owners are users or groups who can make or approve changes to an object, such as an attribute-based group, team group, reporting group, or listing. By default, Oblique admins are owners of all groups and listings in Oblique.
Although admins can create Oblique API keys, the organization owns these keys, not the individual admin. When you remove an admin, the API keys remain valid.
By default, the organization owner receives all communications about Oblique, including billing and security notifications.
Add an admin
- Navigate to the Admins page.
- Under Admins, select Add admin.
- Search for and select the user you wish to add as an Oblique admin.
- Select Add admins.
Remove an admin
- Navigate to the Admins page.
- Under Admins, locate the user to be removed. If you have many admins, use the search bar to find the user.
- For the selected user, in the More menu, select Remove admin….
- Confirm you want to remove the admin, and select Remove admin.
Change the organization owner
- Navigate to the Admins page.
- Under Organization owner, select Change owner.
- Search for and select the user you wish to make the new owner.
- Select Update owner.
Permission matrix
By default, all members of an Oblique instance can make 📥 change requests, but cannot make changes directly. Depending on the type of request, some members who are the owners of affected objects can approve requests.
Users and resources cannot be directly added to Oblique. Instead, they are automatically imported when they are discovered in and synced from an integration.
The following actions can be taken by each role:
| Target | Action | Description | Owner | Admin | Object owner | Member |
|---|---|---|---|---|---|---|
| User | CREATE | Import a user. | ❌ | ❌ | ❌ | ❌ |
| Team | CREATE | Create a team group. | ✅ | ✅ | n/a | 📥 |
| Team | DELETE | Delete a team group. | ✅ | ✅ | ✅ | 📥 |
| TeamProfile | UPDATE | Update a team group’s description. | ✅ | ✅ | ✅ | ❌ |
| TeamMember | CREATE | Add a user to a team group. | ✅ | ✅ | ✅ | 📥 |
| TeamMember | DELETE | Remove a user from a team group. | ✅ | ✅ | ✅ | 📥 |
| TeamOwner | CREATE | Add an owner to a team group. | ✅ | ✅ | ✅ | 📥 |
| TeamOwner | DELETE | Remove an owner from a team group. | ✅ | ✅ | ✅ | 📥 |
| Group | CREATE | Create an attribute-based group or reporting group. | ✅ | ✅ | n/a | ❌ |
| Group | DELETE | Delete an attribute-based group or reporting group. | ✅ | ✅ | ✅ | ❌ |
| GroupOwner | CREATE | Add an owner to an attribute-based group or reporting group. | ✅ | ✅ | ✅ | 📥 |
| GroupOwner | DELETE | Remove an owner from an attribute-based group or reporting group. | ✅ | ✅ | ✅ | 📥 |
| Resource | CREATE | Import or create a resource. | ❌ | ❌ | ❌ | ❌ |
| Resource | UPDATE | Change a resource’s management mode. | ✅ | ✅ | ❌ | ❌ |
| Entitlement | CREATE | Create an entitlement or assign a role. | ✅ | ✅ | ✅ | 📥 for a listing |
| Entitlement | UPDATE | Edit an entitlement or edit a role assignment. | ✅ | ✅ | ✅ | 📥 for a listing |
| Entitlement | DELETE | Revoke an entitlement or revoke a role. | ✅ | ✅ | ✅ | 📥 for a listing |
| Listing | CREATE | Create a listing. | ✅ | ✅ | n/a | ❌ |
| Listing | UPDATE | Edit a listing’s name, description, or visibility. | ✅ | ✅ | ✅ | ❌ |
| Listing | DELETE | Delete a listing. | ✅ | ✅ | ✅ | ❌ |
| ListingRole | CREATE | Add a role to a listing. | ✅ | ✅ | ✅ | ❌ |
| ListingRole | UPDATE | Edit a listing role’s name or description. | ✅ | ✅ | ✅ | ❌ |
| ListingRole | UPDATE | Edit a listing role mapping. | ✅ | ✅ | ❌ | ❌ |
| ListingRole | DELETE | Remove a role from a listing. | ✅ | ✅ | ✅ | ❌ |
| ListingOwner | CREATE | Add an owner to a listing. | ✅ | ✅ | ✅ | 📥 |
| ListingOwner | DELETE | Remove an owner from a listing. | ✅ | ✅ | ✅ | 📥 |
| ListingRolePolicy | CREATE | Add an auto-approval policy. | ✅ | ✅ | ✅ | ❌ |
| ListingRolePolicy | DELETE | Delete an auto-approval policy. | ✅ | ✅ | ✅ | ❌ |
| Integration | CREATE | Add an integration. | ✅ | ✅ | n/a | ❌ |
| Integration | UPDATE | Update an integration to allow resource creation. | ✅ | ✅ | n/a | ❌ |
| ServiceAccount | CREATE | Create an API key. | ✅ | ✅ | ❌ | ❌ |
| ServiceAccount | DELETE | Revoke an API key. | ✅ | ✅ | ❌ | ❌ |
| Admin | CREATE | Add an admin. | ✅ | ✅ | ❌ | ❌ |
| Admin | DELETE | Remove an admin. | ✅ | ✅ | ❌ | ❌ |
| Owner | UPDATE | Change the organization owner. | ✅ | ✅ | ❌ | ❌ |
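
The matrix can be checked mechanically during an access review. The following is an added example, not Oblique's code or API: it parses a subset of the rows (Description column dropped) into a default-deny policy and lists the actions one role can take directly that another cannot. The role names, function names, and the rule that the most permissive of a user's roles applies are assumptions made for the example.

```python
# Added example: a model of the permission matrix above, not Oblique's code or API.
from enum import IntEnum

class Decision(IntEnum):
    DENY = 0     # ❌, or n/a (no object exists yet, so ownership grants nothing)
    REQUEST = 1  # 📥: allowed only through a change request
    ALLOW = 2    # ✅: may make the change directly

ROLES = ("owner", "admin", "object_owner", "member")  # names assumed for the example
MARKS = {"✅": Decision.ALLOW, "📥": Decision.REQUEST,
         "❌": Decision.DENY, "n/a": Decision.DENY}

# Subset of rows from the matrix above, Description column dropped.
MATRIX = """
User | CREATE | ❌ | ❌ | ❌ | ❌
Team | CREATE | ✅ | ✅ | n/a | 📥
TeamMember | CREATE | ✅ | ✅ | ✅ | 📥
Resource | UPDATE | ✅ | ✅ | ❌ | ❌
ListingRole | UPDATE | ✅ | ✅ | ✅ | ❌
ListingRole | UPDATE | ✅ | ✅ | ❌ | ❌
ServiceAccount | CREATE | ✅ | ✅ | ❌ | ❌
Admin | CREATE | ✅ | ✅ | ❌ | ❌
Owner | UPDATE | ✅ | ✅ | ❌ | ❌
"""

def parse(matrix):
    policy = {}
    for line in matrix.strip().splitlines():
        target, action, *marks = (cell.strip() for cell in line.split("|"))
        row = dict(zip(ROLES, (MARKS[m] for m in marks)))
        # ListingRole UPDATE appears twice (name/description vs. role mapping).
        # Keyed by (target, action) alone, keep the stricter mark: fail closed.
        old = policy.get((target, action), row)
        policy[(target, action)] = {r: min(row[r], old[r]) for r in ROLES}
    return policy

def decide(policy, key, roles):
    """Default deny. Assumption: with several roles, the most permissive applies."""
    row = policy.get(key, {})
    return max((row[r] for r in roles if r in row), default=Decision.DENY)

def reserved_to(policy, higher, lower):
    """Actions `higher` may perform directly that `lower` may not."""
    return sorted(k for k, row in policy.items()
                  if row[higher] == Decision.ALLOW and row[lower] != Decision.ALLOW)

POLICY = parse(MATRIX)
```

`reserved_to(POLICY, "owner", "admin")` returns an empty list: in every row of the matrix the Admin column matches the Owner column, including changing the organization owner, so admin assignments warrant the same review as the owner.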