Teamwork makes the dream work: Sub-users and their roles

Not everyone uses the BitNinja Dashboard for the same reasons when doing their work. We know that. Which is why we have different sub-user roles built into our Dashboard.

Why do you need sub-user roles?

If you need your accountant to download your subscriptions’ invoices without sharing your BitNinja account’s login details, and you want your support crew to be able to check whether an IP address is blocked without risking your account’s integrity, all you need is an email address for each of them. With it, you can create an account that lets your staff do their job while your parent user account’s credentials stay safe.

To make your account even safer, you can enable the 2FA (two-factor authentication) feature without locking your team members out of your account. Since everyone has his/her own account, each account can be secured with 2FA separately.

You can read more about our 2FA feature here.

How to create sub-users

You can choose from 5 different roles. Each role has access to different modules. Setting up user roles is a great way to allow everyone to do their own job while keeping your Dashboard and credentials safe.

You can register a sub-user under your account in just 5 steps:

1. Click on your username on the Dashboard and choose the Users menu point

2. Enter the first name of your sub-user

3. Enter an email address. This needs to be an email address that is not already registered

4. Select the role of the new sub-user

5. Click the “Create User” button

After that is done, an email with a confirmation link will be sent to the given email address. Your employee will be able to set up a password for the account by clicking the link in the email.

You can choose from these roles:

An existing sub-user can be managed from the Users menu at any point. Here, you can delete sub-users or change their roles, usernames and email addresses too. If you would like to change the server group under a Server Group Operator, you can do that as well.

Super Admin Role

When you register the main account at BitNinja, you will receive an account with the Super Admin permissions. This means you can do anything on the Dashboard from checking an IP address to setting up WAF rules and restoring files from the Infected files menu point. So, this is basically the “God-mode”. From the parent user account, you can edit, add and delete the sub-users of the parent account. There can only be one Super Admin per account.

Admin Role

A user that has the Admin role can also do the same things as the Super Admin but there can be multiple Admin sub-users in the same BitNinja account.

Accountant Role

The accountant can check the payment summary, change payment details and download the subscriptions’ invoices.
This sub-user has no permission to manage settings that would affect your server’s security. The accountant cannot change the WAF module’s settings or whitelist and blacklist IP addresses.

Server Group Operator

Grant this role to users in order to allow them to manage only a group of servers. This role will grant access to alter module settings and IP reputation. So, the Server Group Operator can switch modules on and off for a given group of servers. Server Group Operators can also check IPs, add them to, and remove them from your blacklist, whitelist, and greylist. The Server Group Operator can additionally manage the WAF rules of the servers that belong to his/her server group.

To set this role to a user, the server group needs to be created beforehand.

You can do that from the Dashboard from the Servers menu point. You just need to click on the “Create Group” button at the top left of your screen and select the servers that you wish to put into one group. A server group may contain any number of servers.

After this is done, you can select the server group when creating the Server Group Operator sub-user account.

If a user with this role adds an IP address to his/her greylist/blacklist or whitelist, the change will affect all servers under the main account, not only those in the server group. If you want to prevent the server group’s operator from adding IP addresses to, or delisting them from, your main account’s greylist/blacklist or whitelist, we recommend making a separate Super Admin account which has only those servers that belong to the user.

If you have multiple such users who would require a Server Group Operator status, our reseller program might suit you better. This option makes the management of multiple server groups much easier, as the greylist/blacklist and whitelists are not connected this way. If you are interested in this, please don’t hesitate to send us an email at info@bitninja.io and we will give you more information about it.

Server Operator

The Server Operator sub-user can manage the modules of all servers that are in the main account, and they are also able to start Malware scans and manage Infected files. The Server Operator can add IP addresses to the greylist/blacklist or whitelist and enable or disable WAF rules on all the servers that are in the main account.

The server operator cannot change the payment settings and has no permission to download the invoices. Managing users is also not possible for this sub-user.

If you wish to make a sub-user that has access to only one server, please create a server group that contains only the server you would like the sub-user to manage, then create a Server Group Operator sub-user and assign the previously created server group to it.

Support

If a user has this role, he/she can only check IP addresses, domains, and servers. The support user can manage the greylist/blacklist or whitelist of the main account too, adding and delisting IP addresses.

The Support sub-user cannot modify payment settings or WAF settings or start Malware scans on the servers. So, the Support sub-user can only make changes to the greylist/blacklist and whitelist of the parent user’s account and check if an IP address is blocked or not.

We created this sub-user role because our clients requested it in their feedback. We know that most of the time, the Support crew has to work with the BitNinja Dashboard as well as the server management crew.
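An access review over the roles described above, as an added example (not BitNinja code and not a BitNinja API): it picks the smallest role that still covers what each person needs and flags the Server Group Operator caveat about IP lists. The capability names, the `one_group_only` flag and the sample sub-users are constructed for illustration, and a capability the page does not mention for a role is assumed to be not granted.

```python
# Capabilities per sub-user role, transcribed from the role descriptions above.
# A capability the page does not mention for a role is treated as not granted;
# that is an assumption of this example, not a statement about the product.
ROLES = {
    "Admin": {"billing", "users", "modules", "waf", "ip_lists", "malware"},
    "Server Operator": {"modules", "waf", "ip_lists", "malware"},
    "Server Group Operator": {"modules", "waf", "ip_lists"},
    "Support": {"ip_lists"},
    "Accountant": {"billing"},
}
GROUP_SCOPED = "Server Group Operator"


def least_privileged_role(needs, one_group_only):
    """Return the role with the fewest capabilities that still covers `needs`."""
    candidates = [
        (len(caps), role)
        for role, caps in ROLES.items()
        # A group-scoped role only fits someone who works on a single server group.
        if needs <= caps and (role != GROUP_SCOPED or one_group_only)
    ]
    return min(candidates)[1]  # Admin covers every capability, so never empty


def review(sub_users):
    """Return {name: [findings]} for every sub-user that needs attention."""
    report = {}
    for user in sub_users:
        findings = []
        current = ROLES[user["role"]]
        best = least_privileged_role(user["needs"], user["one_group_only"])
        if len(ROLES[best]) < len(current):
            unused = ", ".join(sorted(current - user["needs"]))
            findings.append(f"over-privileged: use {best}; unused: {unused}")
        # Page caveat: IP list edits by a Server Group Operator apply to all
        # servers under the main account, not only to the assigned group.
        if user["role"] == GROUP_SCOPED:
            findings.append("ip_lists reach is account-wide")
        if findings:
            report[user["name"]] = findings
    return report


# Constructed sample data: names, roles and needs are hypothetical.
SUB_USERS = [
    {"name": "ana", "role": "Admin", "needs": {"billing"}, "one_group_only": False},
    {"name": "ben", "role": "Support", "needs": {"ip_lists"}, "one_group_only": False},
    {"name": "cy", "role": "Server Group Operator", "needs": {"waf"}, "one_group_only": True},
    {"name": "dee", "role": "Server Operator", "needs": {"modules"}, "one_group_only": True},
]
```

Calling `review(SUB_USERS)` reports `ana`, `cy` and `dee`; `ben` already holds the smallest role that covers the job.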

To summarize each sub-user role’s permissions, here is a table about what each user can manage:

We are all ears

The development at BitNinja is driven by our customers’ feedback. Our goal is to help you do your job, which is why we created this sub-user role. So, all recommendations and feedback are welcome regarding our Dashboard or the BitNinja agent itself. If you have an idea that would make your BitNinja user experience even more ninjastic, please don’t hesitate to let us know how we could improve. You can send us your request on our Productboard Portal.