Hanzo
PlatformHanzo KMSPlatformAccess Controls

Additional Privileges

Learn how to add specific privileges on top of predefined roles.

Even though Hanzo KMS supports full-fledged role-base access controls with ability to set predefined permissions for user and machine identities, it is sometimes desired to set additional privileges for specific user or machine identities on top of their roles.

Hanzo KMS Additional Privileges functionality enables specific permissions with access to sensitive secrets/folders by identities within certain projects. It is possible to set up additional privileges through Web UI or API.

To provision specific privileges through Web UI:

  1. Click on the Edit button next to the set of roles for user or identities. Edit User Role
  2. Click Add Additional Privileges in the corresponding section of the permission management modal. Add Specific Privilege
  3. Fill out the necessary parameters in the privilege entry that appears. It is possible to specify the Environment and Secret Path to which you want to enable access. It is also possible to define the range of permissions (View, Create, Modify, Delete) as well as how long the access should last (e.g., permanent or timed). Additional privileges
  4. Click the Save button to enable the additional privilege. Confirm Specific Privilege

How is this guide?

Last updated on

Role-based Access Controls

Learn how to use RBAC to manage user permissions.

Temporary Access

Learn how to set up timed access to sensitive resources for user and machine identities.