Access Control
Define fine-grained policies that control who can access which resources, under what conditions.
Access Control Model
Remok uses Role-Based Access Control (RBAC) with optional conditions. Every access decision is determined by three factors:
- Identity: who is requesting access (user or group)
- Resource: which application or network resource is being accessed
- Conditions: time of day, IP range, device type, and more
Creating a Policy
Navigate to Admin Console → Security → Access Policies → Add Rule:
# Example: Engineering can access GitLab during business hours
Rule Name: Engineering-GitLab-Access
Apply To: Group: Engineering
Target: Application: GitLab
Time Window: Mon–Fri, 09:00–21:00
Device: Corporate devices only
Action: Allow
Available Condition Types
| Condition | Description | Edition |
|---|---|---|
| Time Range | Allow access only within a specified time window | Pro |
| IP Allowlist | Restrict access to specific IP addresses or subnets | Pro |
| Device Type | Limit to corporate-managed devices | Enterprise |
| Geographic Region | Restrict by country or region | Enterprise |
💡 Conditions can be combined. Rules are evaluated in priority order: the first matching rule is applied and evaluation stops.
Least-Privilege Design
Best practices for access policy design:
- Default-deny: start with no access, then explicitly grant per application
- Use groups rather than individual users for easier maintenance
- Review and prune stale rules quarterly
- Use time-limited rules for contractors and temporary access
Contractor and Time-Limited Access
For external vendors, create a temporary access rule:
Rule Name: Vendor-Portal-Temp
Apply To: Group: External-Contractors
Target: Application: Vendor Portal
Valid Until: 2026-06-30
Action: Allow
⚠️ Always set an expiry date for contractor access. Revoke group membership immediately when the engagement ends.
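The first-match evaluation, default-deny and expiry behaviour described above can be modelled in a few lines. This is an added example, not Remok's own code. It assumes that a lower priority number is evaluated first, that a time window ends exclusively, that Valid Until is inclusive, and that "*" means any application; the Engineering-All-Apps rule is hypothetical and shows how a broad rule placed first shadows the conditions of a narrower one.

```python
from dataclasses import dataclass
from datetime import datetime, date, time
from typing import Optional

@dataclass
class Rule:
    name: str
    priority: int                   # assumption: lower number is evaluated first
    group: str
    app: str                        # assumption: "*" matches any application
    action: str = "Allow"
    days: Optional[set] = None      # allowed weekdays, Mon=0 .. Sun=6
    hours: Optional[tuple] = None   # (start, end) times, end exclusive
    corporate_only: bool = False
    valid_until: Optional[date] = None  # assumption: inclusive

    def matches(self, groups, app, when, corporate_device):
        # Every configured condition must hold for the rule to match.
        if self.group not in groups or self.app not in ("*", app):
            return False
        if self.days is not None and when.weekday() not in self.days:
            return False
        if self.hours and not (self.hours[0] <= when.time() < self.hours[1]):
            return False
        if self.corporate_only and not corporate_device:
            return False
        if self.valid_until and when.date() > self.valid_until:
            return False
        return True

def decide(rules, groups, app, when, corporate_device):
    """First matching rule in priority order wins; no match means deny."""
    for rule in sorted(rules, key=lambda r: r.priority):
        if rule.matches(groups, app, when, corporate_device):
            return rule.action, rule.name
    return "Deny", "default-deny"

# Constructed rules mirroring the two examples on this page.
RULES = [
    Rule("Engineering-GitLab-Access", 10, "Engineering", "GitLab",
         days={0, 1, 2, 3, 4}, hours=(time(9), time(21)), corporate_only=True),
    Rule("Vendor-Portal-Temp", 20, "External-Contractors", "Vendor Portal",
         valid_until=date(2026, 6, 30)),
]
# Hypothetical broad rule placed ahead of them: it matches first, so the
# GitLab time and device conditions are never evaluated for Engineering.
SHADOWED = [Rule("Engineering-All-Apps", 5, "Engineering", "*")] + RULES
```

When reviewing rule order, look for any higher-priority rule whose scope covers a lower-priority rule with stricter conditions.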
Viewing and Auditing Rules
All policy changes are recorded in the Audit Logs. To review effective access:
- Go to Admin Console → Security → Access Policies
- Use the "Simulate" button to test what a specific user can access
- Export the policy list as CSV for compliance review