RBAC Design Tailored for Security - Abnormal Security

RBAC Design Tailored for Security

At Abnormal we created a simplified, security-driven RBAC design pattern that allows our customers to maximize their user set up with minimum hurdles. 

Based on our research, security users have the following set of concerns: 

  • Privacy: depending on role, security clearances, corporate regulations, users may only access only a subset of information or can only obtain very specific data access within each security product.  
  • Multi-tenancy vs Single tenant: gaining a single pane of glass for all email tenants can greatly reduce UX complexity, as well as being able to support the growing number of tenants as M&As can frequently occur within organizations. 
  • Big team vs. Small team: depending on team size, their roles and areas of focus may vary dramatically and therefore their needs for Abnormal differ as well.     
  • Managers/CISOs vs. SOC: Different security roles require different types of information such as reporting, incident investigation, admin access, etc.  
  • MSSP vs. In-house: UX may differ based on security staffing set up 

We designed the RBAC experience with the following roles & user experience so that regardless which type of security team composition you have, you can navigate our user management system easily set your organization with ease. We kept it simple so that our customers can focus less on configuration, more on protecting their organization. 


  • Global vs. per tenant 

This role is great for: small organization with simple user provision use case. Users can easily add any new user and give them complete access to Abnormal’s Portal. They do not need to touch the remainder of the RBAC system and can continue to enjoy the simplistic  experience. 

Per-product Access 

  • Global or per tenant
  • Read or R/W 
  • Show/hide email content 

This role is designed to be incredibly flexible. We designed in a way such that a complex organization can provision all aspects of a user and their access to Abnormal. This is great for a bigger team with analysts to cover different feature areas of Abnormal; MSSP teams that are only provisioned to see certain tenants and certain subset of email information; and CISOs who may only want to access the reporting aspect of Abnormal. 


  • Alerting only 

This role is designed to help non-SOC staff, mailing lists accounts, and general purpose accounts to stay informed of Abnormal’s activities via email notification only. We also want to be mindful of customers who may not be able to access Abnormal Portal or prefers to leverage email notifications for existing alerting and SOAR setup. 

While we know there is always room for improvement – our current design philosophy focuses on keeping it simple and security-driven but building a foundation so that we can support iterations and change. We look forward to hearing feedback and continue to evolve our design!