View Source

Implementing Access Controls for Specific Projects on the Platform

Access Controls in the Platform allow administrators to grant users precise, role-based access to specific parts of the platform, such as Projects, Phases, Questionnaires, Assets, and Asset Groups. This ensures that users only see the information relevant to their responsibilities, maintaining data security and supporting controlled collaboration.

Important Note on User Groups and Access Permissions:

If user groups are assigned at the user creation step, these will override individual Access Permissions. The Platform will indicate any ineffective permissions with a conflict badge.

Steps to Assign Access Controls

1. Navigate to Access Controls

From the left-hand Permissions sidebar menu, select Access Controls.

2. Create New Permission

Click ‘+ New permission’ in the top-right corner.

3. Select User

Choose the user from the ‘User’ drop-down menu to whom you want to assign access.

4. Define Permission Type

Select the appropriate permission type based on the area of access required:
- Project Access
- Phase Access
- Questionnaire Access
- Asset Access
- Asset Group Access

5. Choose Target Entity

Based on your selection in Step 4, choose the corresponding:
- Project
- Phase
- Questionnaire
- Individual Asset
- Asset Group

6. Set Access Level

Define the appropriate access level for the user:
- View Only: User can only view data.
- Editor: User has read/write access for remediation purposes.
- Administrator: Full management and configuration rights.

7. Finalise and Apply Permission

Click ‘Create permission’ to apply the settings.

Managing and Viewing Permissions

The Platform displays all user permissions in a structured table view.
Use filters to quickly manage or audit access by:
- Project
- Phase
- Questionnaire
- Asset
- Asset Group

Use Case: Asset and Asset Group Access

Asset Access: Grants a user visibility and control over a specific asset. This is ideal for scenarios where team members are responsible for only a subset of critical infrastructure.
Asset Group Access: Provides access to a predefined group of assets, such as all assets owned by a specific department or business unit. This supports collaboration in larger teams while preserving access boundaries.

These permission types are fully compatible with the One Issue View, ensuring users only see deduplicated vulnerability data related to their permitted assets.

Benefits of Granular Access Control

Enhanced Security: Restricts access to only the data a user is authorised to view.
Improved Focus: Teams are presented only with relevant assets and issues.
Simplified Management: Administrators can fine-tune access quickly using intuitive controls.
Collaboration at Scale: Supports MSSPs and large organisations by aligning access with operational responsibilities.

Conclusion

Access Controls are essential for managing visibility and collaboration across the Platform. With the addition of Asset and Asset Group Access, administrators gain more precision and flexibility in shaping secure, role-based access aligned with operational needs and compliance requirements.

Read more

How to Add Users

An Introduction to Permissions

User Roles