Gateway Access Permissions
Akeyless Access Roles control all user access levels for items, analytics, and usage reports.
In parallel with Gateway administrative operations, you can set the exact level of access your Gateway administrative users will have, from the management of just Dynamic or Rotated Secrets, up to, and including, complete admin rights.
Info
Pre-Provisioned Admin Users - Pre-Provisioned settings of your Gateway Admin users can not be modified after setup. To limit already existing admin users of your Gateway, you will be required to remove them from your deployment files.
Configuring Access Permissions from the Gateway
Note
Only Gateway Admin users can access and manage the Access Permissions settings.
To configure Access Permissions in your Gateway Configuration Manager, under the Access Permissions tab:
-
Click New
-
Define a meaningful Name for the item. e.g., Dynamic Secrets Admin
-
From the Auth Method drop-down menu, choose the relevant Authentication Method and set the exact Sub-Claims identifying your users, and click Next
-
In Permission Settings, select Admin or Custom
-
If you choose Custom, select the relevant permissions to grant that Auth Method:
| Permission | Description |
|---|---|
| Defaults | Management of the default settings of your Gateway |
| Zero-Knowledge Encryption | Management of Zero-Knowledge |
| Targets | Management of all Target items that were created using your Gateway |
| Dynamic Secret | Management of Dynamic Secrets |
| Rotated Secret | Management of Rotated Secrets |
| Classic Keys | Management of Classic Keys |
| Kubernetes Auth | Management of Kubernetes Auth Gateway configuration |
| LDAP Auth | Management of LDAP Auth Gateway configuration |
| Kerberos Auth | Management of Kerberos Auth Gateway configuration |
| Caching | Management of Gateway Cache settings |
| Automatic Migration | Management of Automatic Migration settings |
| Log-Forwarding | Management of Log Forwarding settings |
| Event-Forwarding | Management of Event Forwarding settings |
| KMIP | Management of KMIP Servers |
| ACME | Management of ACME Servers |
| Remote Access Configuration | Management of Remote Access configuration |
Based on the selected operations, the relevant Auth Method will only have access to initiate those operations.
You can also manage your Gateway Access Permissions using the Console by going to the Gateways tab and selecting the desired Gateway. On the right side of the screen, click the Access Permissions tab.
Updated 19 days ago