IBM Data Platform Ideas Portal for Customers





Status: Submitted
Created by: Guest
Created on: Jan 2, 2026

Proposal for Fine-Grained RBAC and Least-Privilege Access in Manta

Background

The Configurator role (aka ROLE_CONFIGURATOR) and the Process Manager role (aka ROLE_PROCESS_MANAGER) in Manta each bundle multiple capabilities. These roles are not sufficiently granular, and therefore prevent us from assigning permissions to users in Manta that are limited to the administrative work those users should perform.

The following are some examples of how these roles are not sufficiently granular:

  • Administrative tasks related to Connections (create/import/export/delete/validate) are bundled into the Common Configuration role.
  • Admins can’t grant connection-only capabilities without unintentionally enabling global configuration changes.
  • Similarly, the Process Manager roles blend definition management with execution rights in a way that complicates least-privilege setups.

This violates least privilege principles and makes it hard to:

  • Give integrators or operators the ability to manage connections without touching global configs.
  • Grant restricted configuration edits (only select fields) without broader write privileges.
  • Cleanly separate definition lifecycle from execution/termination in workflow management.

Current Roles (as observed) in Manta

From our analysis:

  • ROLE_CONFIGURATOR_READ → export connection(s)
  • ROLE_CONFIGURATOR_WRITE → delete/validate/import connection(s), common config + connection
  • ROLE_CONFIGURATOR_SYSTEM_WRITE → common configs
  • ROLE_CONFIGURATOR_INTEGRATION_WRITE → common configs
  • ROLE_PROCESS_MANAGER_READ → find workflow templates/executions/definitions, export workflows
  • ROLE_PROCESS_MANAGER_WRITE → create/update workflow definitions; delete/import workflows
  • ROLE_PROCESS_MANAGER_EXECUTE → execute and terminate workflows

Issue: Connection actions live under “Configurator Write,” which also grants “Common Configs.” There’s no role that does connection-only management.


Proposed Enhancements:

New fine-grained (decoupled) permissions: introduce capability-scoped permissions that can be assigned to roles:


Connections

  • CONNECTION_READ: Permission that allows users to view connections.
  • CONNECTION_EXPORT: Permission that allows users to export connections.
  • CONNECTION_VALIDATE: Permission that allows users to validate connections.
  • CONNECTION_IMPORT: Permission that allows users to import connection definitions.
  • CONNECTION_CREATE: Permission that allows users to create connections.
  • CONNECTION_UPDATE: Permission that allows users to update connections.
  • CONNECTION_DELETE: Permission that allows users to delete connections.

Common Configuration

  • CLI_CONFIG_COMMON_READ: Permission that allows users to view common configurations.
  • CLI_CONFIG_COMMON_WRITE: Permission that allows users to edit common configurations.
  • SERVER_CONFIG_COMMON_READ: Permission that allows users to view server common configurations.
  • SERVER_CONFIG_COMMON_WRITE: Permission that allows users to edit server common configurations.
  • INTEGRATION_CONFIG_EXPORT_WRITE: Permission that allows users to edit export mapping configurations. Example: Integrations > Alation > Alation Export DB2 Mapping
  • INTEGRATION_CONFIG_EXPORT_READ: Permission that allows users to view export mapping configurations. Example: Integrations > Alation > Alation Export DB2 Mapping
  • INTEGRATION_CONFIG_EXPORT_COMMON_READ: Permission that allows users to view export common configurations. Example: Integrations > Alation > Alation Export Common
  • INTEGRATION_CONFIG_EXPORT_COMMON_WRITE: Permission that allows users to edit export common configurations. Example: Integrations > Alation > Alation Export Common
  • ADMIN_CONFIG_COMMON_READ: Permission that allows users to view Admin UI common configurations. Example: Admin UI > Common > Server Timeout
  • ADMIN_CONFIG_COMMON_WRITE: Permission that allows users to edit Admin UI common configurations. Example: Admin UI > Common > Server Timeout

Workflow Management

  • WORKFLOW_DEF_READ: Permission that allows users to read workflow definitions.
  • WORKFLOW_DEF_CREATE: Permission that allows users to create workflow definitions.
  • WORKFLOW_DEF_UPDATE: Permission that allows users to update workflow definitions.
  • WORKFLOW_DEF_DELETE: Permission that allows users to delete workflow definitions.
  • WORKFLOW_DEF_IMPORT: Permission that allows users to import workflow definitions.
  • WORKFLOW_DEF_EXPORT: Permission that allows users to export workflow definitions.
  • WORKFLOW_EXECUTE: Permission that allows users to execute workflows.
  • WORKFLOW_TERMINATE: Permission that allows users to terminate workflows.
  • WORKFLOW_OBSERVE: Permission that allows users to view workflow execution logs.


Requirements

Create separate permissions in Manta for users who need to:

  • Administer connections: these users administer connections (create, delete, validate, export, and import) but should NOT be able to edit common Manta configuration.
  • Manage workflows: these users should be able to create, update, and delete workflows in Manta.
  • Manage common configurations: these users should be able to view and edit common Manta configuration related to a specific technology. Example: CLI > DB2 > DB2 Common
  • Manage alias configurations: these users should be able to view and edit alias configuration related to a specific technology. Example: CLI > DB2 > DB2 Alias Mapping
  • Manage server configurations: these users should be able to view and edit server configurations. Example: Server > Common > Neo4j Configuration
  • Manage integration configurations: these users should be able to view and edit integration configurations. Examples: Integrations > Alation > Alation Export Common; Integrations > Alation > DB2 Alation Mapping
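As an added illustration (not Manta's own code or API), the following Python models the bundled roles listed under "Current Roles" and two of the personas from the Requirements section using the proposed permission names, then computes what each bundled role grants beyond a persona's need (spill) and what it still fails to cover (gap). Mapping the current roles' wording onto the proposed identifiers is my reading of the role list, not something the page states.

```python
"""Added example, not Manta's own code: audit how far the current bundled
roles overshoot or undershoot the personas from the Requirements section."""
from __future__ import annotations

# Current roles as listed on the page. Translating their wording into the
# proposed identifiers is an assumption ("common config" read as CLI +
# server common-configuration writes, "+ connection" read as create).
CURRENT_ROLES: dict[str, frozenset[str]] = {
    "ROLE_CONFIGURATOR_READ": frozenset({"CONNECTION_EXPORT"}),
    "ROLE_CONFIGURATOR_WRITE": frozenset({
        "CONNECTION_DELETE", "CONNECTION_VALIDATE", "CONNECTION_IMPORT",
        "CONNECTION_CREATE",  # assumed, see comment above
        "CLI_CONFIG_COMMON_WRITE", "SERVER_CONFIG_COMMON_WRITE",
    }),
    "ROLE_PROCESS_MANAGER_WRITE": frozenset({
        "WORKFLOW_DEF_CREATE", "WORKFLOW_DEF_UPDATE",
        "WORKFLOW_DEF_DELETE", "WORKFLOW_DEF_IMPORT",
    }),
    "ROLE_PROCESS_MANAGER_EXECUTE": frozenset({"WORKFLOW_EXECUTE", "WORKFLOW_TERMINATE"}),
}

# Personas from the Requirements section, as the minimal set of proposed
# permissions each one needs (connection admins must not touch common config).
PERSONAS: dict[str, frozenset[str]] = {
    "connection_admin": frozenset({
        "CONNECTION_READ", "CONNECTION_CREATE", "CONNECTION_DELETE",
        "CONNECTION_VALIDATE", "CONNECTION_EXPORT", "CONNECTION_IMPORT",
    }),
    "workflow_manager": frozenset({
        "WORKFLOW_DEF_READ", "WORKFLOW_DEF_CREATE",
        "WORKFLOW_DEF_UPDATE", "WORKFLOW_DEF_DELETE",
    }),
}

def effective(*roles: str) -> frozenset[str]:
    """Union of everything the given bundled roles hand out."""
    return frozenset().union(*(CURRENT_ROLES[r] for r in roles))

def spill(persona: str, *roles: str) -> frozenset[str]:
    """Permissions the bundled roles grant beyond what the persona needs."""
    return effective(*roles) - PERSONAS[persona]

def gap(persona: str, *roles: str) -> frozenset[str]:
    """Permissions the persona needs that the bundled roles still lack."""
    return PERSONAS[persona] - effective(*roles)

def least_privilege_fit(persona: str, *roles: str) -> bool:
    """True only when the bundled roles match the persona with no spill or gap."""
    return not spill(persona, *roles) and not gap(persona, *roles)
```

Running spill("connection_admin", "ROLE_CONFIGURATOR_READ", "ROLE_CONFIGURATOR_WRITE") returns the two common-configuration write permissions, which is exactly the over-grant the proposal is about.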


Benefits

1. Improved Security

  • Users are granted only the permissions required for their job function, following the principle of least privilege.
  • Reduces the risk of unauthorized access and limits the damage from compromised accounts.
  • Helps prevent privilege creep as users change roles or projects.

2. Simplified Access Management

  • Administrators manage access by assigning roles instead of individual permissions, making administration far more efficient.
  • Onboarding, offboarding, and role changes are streamlined.

3. Scalability

  • RBAC scales well as organizations grow.
  • Adding new users or systems doesn’t significantly increase administrative complexity.

4. Consistency and Standardization

  • Ensures consistent permission assignment across users with the same responsibilities.
  • Reduces configuration errors caused by manual permission assignment.

5. Easier Auditing and Compliance

  • Auditors can easily review roles and understand who has access to what and why.
  • Supports compliance with standards and regulations such as:
    • ISO 27001
    • SOX
    • HIPAA
    • GDPR

6. Faster Onboarding and Offboarding

  • New users gain productivity faster.
  • Access revocation is immediate and complete when a user leaves or changes roles.

7. Reduced Administrative Overhead

  • Fewer errors and less time spent managing permissions manually.
  • IT and security teams can focus on strategic tasks rather than access fixes.

8. Supports Separation of Duties (SoD)

  • Prevents conflicts of interest by enforcing business rules through roles.
  • Critical for financial and security-sensitive systems.
