How Access Is Assigned in Cortx OS

Overview

Access in Cortx OS is resolved through a layered and deterministic model that separates authentication from authorization. While Identity Providers control how users are onboarded, access within the platform is governed through permissions, permission sets, roles, and user groups.
This model ensures that access is consistent, scalable, and auditable across the organization.

Access Resolution Flow

Access in Cortx OS is determined in the following order:

User → User Group → Role → Permission Set → Permissions → Effective Access

Each layer builds on the previous one to compute what a user can ultimately see and do within the platform.

How It Works

  • A user is onboarded into Cortx OS through an Identity Provider.

  • The user is added to one or more User Groups.

  • Roles are assigned to User Groups.

  • Each Role is composed of one or more Permission Sets.

  • Permission Sets contain individual Permissions defining allowed actions.

  • Cortx OS evaluates all applicable roles and permissions to determine the user’s effective access.

Managing Access

  • Access changes are made by updating User Groups, Roles, or Permission Sets.

  • Changes automatically propagate to all affected users.

  • Direct user role assignments can be used for exceptions.

  • Access is recalculated dynamically without manual intervention.

Best Practices

  • Assign access primarily through User Groups, not individual users.

  • Keep Permission Sets focused and reusable.

  • Avoid overlapping or conflicting roles.

  • Review access periodically to enforce least-privilege principles.

  • Separate identity onboarding from access authorization responsibilities.

Troubleshooting

Issue: User access does not match expectations

  • Resolution: Review:

    • User Group membership

    • Assigned Roles

    • Attached Permission Sets

    • Included Permissions

Following the access resolution order helps quickly identify where mismatches occur.

Related Links

Was this article helpful?

Report Inaccuracy

On this page

Driving ROI for businesses by leveraging the power of AI to Transform Ideas into Impactful Applications.

QUICK LINKS
PRODUCT
LEGAL
RESOURCES
REACH US OUT

XNODE Inc. provides access to its platform on an “as is” basis, and by using the platform, you agree to hold XNODE harmless and indemnify it from any claims arising from your use. Any access to materials, software, hosting, data development, design, “generative” solutions or other things are provided “as is”. Any materials or designs created may not be saved and will be subject to deletion. By using the Platform you acknowledge that you will participate in feedback discussions and provide bug reports. XNODE reserves all rights to the Platform. XNODE is dedicated to protecting your personal data. Click here to view our Privacy Policy

Copyright © XNODE Inc., All Rights Reserved