Access Controls
Implementing Access Controls for Specific Projects on the Platform
Access Controls in the Platform allow administrators to grant users precise, role-based access to specific parts of the platform, such as Projects, Phases, Questionnaires, Assets, and Asset Groups. This ensures that users only see the information relevant to their responsibilities, maintaining data security and supporting controlled collaboration.
Important Note on User Groups and Access Permissions:
If user groups are assigned to a user at the user creation step, the group assignments override that user's individual Access Permissions. The Platform marks any ineffective permissions with a conflict badge.
Steps to Assign Access Controls
1. Navigate to Access Controls
From the left-hand Permissions sidebar menu, select Access Controls.
2. Create New Permission
Click ‘+ New permission’ in the top-right corner.
3. Select User
From the ‘User’ drop-down menu, choose the user to whom you want to assign access.
4. Define Permission Type
Select the appropriate permission type based on the area of access required:
Project Access
Phase Access
Questionnaire Access
Asset Access
Asset Group Access
5. Choose Target Entity
Based on your selection in Step 4, choose the corresponding:
Project
Phase
Questionnaire
Individual Asset
Asset Group
6. Set Access Level
Define the appropriate access level for the user:
View Only: User can only view data.
Editor: User has read/write access for remediation purposes.
Administrator: Full management and configuration rights.
7. Finalise and Apply Permission
Click ‘Create permission’ to apply the settings.
Managing and Viewing Permissions
The Platform displays all user permissions in a structured table view.
Use filters to quickly manage or audit access by:
Project
Phase
Questionnaire
Asset
Asset Group
Use Case: Asset and Asset Group Access
Asset Access: Grants a user visibility and control over a specific asset. This is ideal for scenarios where team members are responsible for only a subset of critical infrastructure.
Asset Group Access: Provides access to a predefined group of assets, such as all assets owned by a specific department or business unit. This supports collaboration in larger teams while preserving access boundaries.
These permission types are fully compatible with the One Issue View, ensuring users only see deduplicated vulnerability data related to their permitted assets.
Benefits of Granular Access Control
Enhanced Security: Restricts access to only the data a user is authorised to view.
Improved Focus: Teams are presented only with relevant assets and issues.
Simplified Management: Administrators can fine-tune access quickly using intuitive controls.
Collaboration at Scale: Supports MSSPs and large organisations by aligning access with operational responsibilities.
Conclusion
Access Controls are essential for managing visibility and collaboration across the Platform. With the addition of Asset and Asset Group Access, administrators gain more precision and flexibility in shaping secure, role-based access aligned with operational needs and compliance requirements.