The base of every cybersecurity strategy should be access control, where each user has enough empowerment to handle their daily tasks without granting more access than their role requires.
Role-based access control (RBAC) helps your organization find that balance by defining exactly what different users can access and control. It brings a more granular approach to access management while also streamlining policies and authorization processes.
With Action1’s latest RBAC enhancement, you gain even greater precision. From now on, you can assign roles more effectively, empowering employees with the exact level of access they need based on their role—no more, no less—strengthening both security and efficiency in your environment.
What’s New in Action1’s RBAC?
With this update, we’ve introduced two important enhancements that give you more flexibility when managing user permissions.
1. Assign Roles as a Standalone Permission
We’ve separated “Assign Roles” from “Manage Roles,” so you can delegate role assignment without handing over full control of role creation or editing. If you previously granted “Manage Roles” just so a user could assign roles, you can now empower them with “Assign Roles” only.
- Manage Roles – create, edit, or delete roles (at the enterprise or organization level).
- Assign Roles – assign and unassign users to and from specific roles, without modifying the roles themselves.
“Assign Roles” supports three scope options:
- Enterprise scope – assign any user to any role and view all users and roles across the enterprise.
- Organization scope – assign roles that belong to a particular organization, with visibility into all users and only that organization’s roles. Ideal for MSPs or companies with multiple business units.
- Login Email Wildcard (with or without organization) – assign roles only to users matching an email domain (via wildcard pattern, e.g., *@domain1.com).
- With an organization set: you can assign only organization-specific roles to users matching the domain pattern.
- With no organization set: you can assign any roles to users matching the domain pattern.
- Exclusion support: wildcard patterns can also exclude specific users or groups, with exclusions taking priority over included permissions for precise access control.
- Multiple wildcards can be added for greater flexibility.
2. Login Email Wildcard for User Permissions
The wildcard scope isn’t limited only to role assignments. It also applies to “View Users” and “Manage Users” functions, allowing you to restrict visibility and management rights to specific email domains.
- Administrators can only see, invite, or manage accounts that match the defined domain pattern.
- Example: an administrator scoped to *@finance.company.com can only see and manage Finance accounts, while all other users remain hidden.
How Will My Company Be Affected by Action1’s Latest RBAC Enhancements?
If you’re wondering how this will affect your organization and what to expect from now on, here’s what’s changed. Before this update, anyone who had the “Manage Roles” permission in our platform was able to not only view users but also manage and assign roles across a specific organization or the entire enterprise.
That meant if you wanted someone to be able to assign roles to other employees, you had to give them full control over creating, editing, and deleting them as well, which in many cases isn’t necessary. This approach equipped specific employees with more power than they should have. That’s not the case anymore.
Now, with the separation of the “Assign Roles” and “Manage Roles” permissions, you have more flexibility and control to allow certain users to only assign roles without giving them the ability to change how those roles are set up.
Important: Note that, after these changes, you must revise your existing “Manage Roles” permissions because they will no longer provide the same level of access; the new “Assign Roles” permission will not be implicitly included in them. Now’s the time to review your current settings. Look at who currently has the “Manage Roles” permission and decide if they should continue managing roles or just assigning them.
If role assignment is all they need to do, remove “Manage Roles” and give them the new “Assign Roles” permission instead. Then, apply the appropriate scope — Enterprise, Organization, or Login Email Wildcard — to match their responsibilities.
By doing this, you’ll avoid giving out more access than necessary, and you’ll ensure your team members can still do their jobs without overstepping into areas they don’t need to control.
The Direct Business Benefits of More Granular RBAC Control
Our role-based access control enhancements are designed to provide you with:
- More control over who does what– You can empower your team members to assign roles without equipping them with full role management privileges, which makes it easier to share responsibilities.
- Endpoint isolation – Email wildcards and organization scope guarantee that empowered users can see and manage the endpoints within their assigned organization, without access to devices from other groups, departments, or clients.
- Stronger compliance – Limiting who can assign roles and where they can assign them helps keep your organization aligned with internal policies and regulatory requirements.
Our Users Are the Heart of Action1’s Innovation
Action1 has always been a feedback-driven software company, where our customers’ input directly shapes our product roadmap and development priorities. Seeing our RBAC enhancements in action is incredibly rewarding, but what drives us most is knowing they solve real problems that your company faces every day.
What makes Action1 successful isn’t just our technology, but our community. That’s why we greatly appreciate it when you participate in our roadmap discussions, vote for future feature releases, and share your insights with us.
Thank you for being an integral part of Action1’s journey toward making cybersecurity more accessible and effective for everyone.
About Action1
Action1 is an autonomous endpoint management platform that is cloud-native, infinitely scalable, highly secure, and configurable in 5 minutes—it just works and is always free for the first 200 endpoints, with no functional limits. By pioneering autonomous OS and third-party patching – AEM’s foundational use case – through peer-to-peer patch distribution and real-time vulnerability assessment without needing a VPN, it eliminates costly, time-consuming routine labor, preempts ransomware and security risks, and protects the digital employee experience. Trusted by thousands of enterprises managing millions of endpoints globally, Action1 is certified for SOC 2 and ISO 27001.
The company is founder-led by industry veterans Alex Vovk and Mike Walters, American entrepreneurs who founded Netwrix, which has grown into a multi-billion-dollar industry-leading cybersecurity company.
