Gateway Access Permissions

Akeyless Access Roles control all user access levels for items, analytics, and usage reports.

In parallel with Gateway administrative operations, you can set the exact level of access your Gateway administrative users will have, from the management of just Dynamic or Rotated Secrets, up to, and including, complete admin rights.

📘

Info

Pre-Provisioned Admin Users - Pre-Provisioned settings of your Gateway Admin users can not be modified after setup. To limit already existing admin users of your Gateway, you will be required to remove them from your deployment files.

Configuring Access Permissions from the Gateway

👍

Note

Only Gateway Admin users can access and manage the Access Permissions settings.

To configure Access Permissions in your Gateway Configuration Manager, under the Access Permissions tab:

  1. Click New

  2. Define a meaningful Name for the item. e.g., Dynamic Secrets Admin

  3. From the Auth Method drop-down menu, choose the relevant Authentication Method and set the exact Sub-Claims identifying your users, and click Next

  4. In Permission Settings, select Admin or Custom

  5. If you choose Custom, select the relevant permissions to grant that Auth Method:

PermissionDescription
DefaultsManagement of the default settings of your Gateway
Zero-Knowledge EncryptionManagement of Zero-Knowledge
TargetsManagement of all Target items that were created using your Gateway
Dynamic SecretManagement of Dynamic Secrets
Rotated SecretManagement of Rotated Secrets
Classic KeysManagement of Classic Keys
Kubernetes AuthManagement of Kubernetes Auth Gateway configuration
LDAP AuthManagement of LDAP Auth Gateway configuration
Kerberos AuthManagement of Kerberos Auth Gateway configuration
CachingManagement of Gateway Cache settings
Automatic MigrationManagement of Automatic Migration settings
Log-ForwardingManagement of Log Forwarding settings
Event-ForwardingManagement of Event Forwarding settings
KMIPManagement of KMIP Servers
ACMEManagement of ACME Servers
Remote Access ConfigurationManagement of Remote Access configuration

Based on the selected operations, the relevant Auth Method will only have access to initiate those operations.

You can also manage your Gateway Access Permissions using the Console by going to the Gateways tab and selecting the desired Gateway. On the right side of the screen, click the Access Permissions tab.


Footer Section