Configuring and Managing Permission Sets

Introduction

Permission Sets enable SGNL Administrators to grant granular control over the features and objects within the SGNL product.

Permission Sets are groups of permissions that can be assigned to Users and/or Teams to give them the level of access they need to complete their tasks.

What are Permission Sets

Within each Permission Set there is a group of permissions.

An example Permission Set within SGNL is the Global Admin Permission Set. This should be granted sparingly to only a small set of Administrators that require full, global access to all features and objects within the SGNL Platform.

Within the Global Admin Permission Set, we see a range of Permissions, each expressed as the Resource, a period delimiter, then the level of access that is allowed. For example, being granted the policies.read permission as part of the Permission Set would allow a User or member of a Team to read policies.

Users or Teams can be assigned 0 or more Permission Sets.

Note: A user with no Permission Sets assigned (either directly or through a team) will be unable to sign in to the product or use any APIs, effectively disabling their access.

If more than 1 Permission Set is assigned (either directly or through a team), the permissions are additive for the user. This means that if one Permission Set grants policies.read and another grants policies.create and policies.update, all 3 of those permissions are granted to the user.

Scoping

Permission Sets can have scoping applied through SGNL Labels. When Permission Sets are scoped, it means that all or some subset of the permissions they grant will be scoped only to the objects that have the label that the permission set is scoped to.

Given that not all objects in SGNL have or require a label, scoping a Permission Set will often (but not always) result in a mix of Global and Scoped Permissions.

Take, for example, the Policy Admin Permission Set. If I scope the assignment of that Permission Set for a given team to the label Central IAM Team, SGNL will ensure that the team assigned this Permission Set can only administer the Policies, Policy Versions, Snippets, and Snippet Versions (among others) that have the Central IAM Team label. These Policy Admins will, however, still be able to see the Metrics and Logs globally within SGNL.
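The additive and scoping rules described above can be modelled in a few lines. This is an added illustration, not SGNL code or the SGNL API. The choice of which resources carry labels, the permission names other than the policies.* ones, and the rule that an unscoped grant absorbs a scoped grant of the same permission are all assumptions made for the example.

```python
# Illustrative model of the rules above; not SGNL's implementation or API.
from dataclasses import dataclass
from typing import Optional

# Assumption: resource types that carry labels, so a scope can restrict them.
LABELED_RESOURCES = {"policies", "snippets"}

@dataclass(frozen=True)
class Assignment:
    permissions: frozenset              # e.g. frozenset({"policies.read"})
    scope_label: Optional[str] = None   # None means the assignment is unscoped

def can_sign_in(direct, via_teams):
    # No Permission Set, directly or through a team, means no access at all.
    return bool(list(direct) + list(via_teams))

def effective_grants(direct, via_teams):
    """Additive union: permission -> set of labels, or None when global."""
    grants = {}
    for a in list(direct) + list(via_teams):
        for perm in a.permissions:
            resource = perm.split(".", 1)[0]
            if a.scope_label is None or resource not in LABELED_RESOURCES:
                grants[perm] = None     # global; assumed to absorb scoped grants
            elif grants.get(perm, set()) is not None:
                grants.setdefault(perm, set()).add(a.scope_label)
    return grants

def is_allowed(grants, perm, object_labels=()):
    # A permission that no assigned set grants is denied.
    if perm not in grants:
        return False
    labels = grants[perm]
    return labels is None or bool(labels & set(object_labels))

# Constructed sample: one scoped team assignment and one unscoped direct one.
TEAM = [Assignment(frozenset({"policies.read", "policies.update", "metrics.read"}),
                   scope_label="Central IAM Team")]
DIRECT = [Assignment(frozenset({"snippets.read"}))]
GRANTS = effective_grants(DIRECT, TEAM)

if __name__ == "__main__":
    for perm, labels in sorted(GRANTS.items()):
        print(perm, "global" if labels is None else sorted(labels))
```

Running the same calculation over an export of real assignments is a quick way to review which grants end up global after scoping, since those are the ones a label does not constrain.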

Assigning Permission Sets

If your User account has sufficient permission, you’re able to review and assign/unassign Permission Sets.

  1. Launch the SGNL Console and select Admin from the left navigation menu.
  2. Select the type of object you want to assign a Permission Set to, either a User directly or a Team (recommended)
  3. You can see the currently assigned Permission Sets alongside the list of teams
  4. To change the assigned Permission Sets, select the caret to the left of the team and select to Add Permission Set or hover an existing Permission Set to activate the Remove Permission Set context menu
  5. If Adding a Permission Set, click the button and choose the Permission Set – upon selection you’ll see the list of permissions associated with the set before saving
  6. Optionally, choose the permission scope by selecting a label to scope the permission set to
  7. You’ll have a final chance to review the permissions and any scoping before saving