We want SecureLink to be flexible enough to meet the needs of your business. Over the course of 2020, this philosophy encouraged us to reevaluate the structured permissions that allow users to see and modify the system at their fingertips. The changes we have made in the product over that last year (progressive changes culminating in release 20.4) all lend themselves to that philosophy and to ensure that SecureLink administrators never have to compromise security for convenience.
Explicit permissions give the administrator the ability to control their users on a more granular level than was previously possible. For example, in earlier versions of SecureLink, there was a permission called “manage_user”. This permission gave broad capabilities to create, edit, delete, and add user profiles as desired. In practice, we know that the desired use case for a role isn’t this broad; some roles just need to be able to view user profiles.
We introduced explicit permissions to the product so a user can be given explicit access to the functions in SecureLink they need without inherently receiving control over other functions. In the new permissions, you can give our example user a “view_user” permission that allows them to do just that, without allowing them to take other actions.
This is easily accessible and configurable in newer versions via the SecureLink UI, under System Admin > Roles:
While we are using this as an example for user permission, these explicit permissions expand across multiple entities across both SecureLink products such as User Groups, Vendors, Applications, Customers, and Gatekeepers. You are able to apply privileged permissions and choose what your users are able to access.
Explicit permissions are designed to apply the least-privileged access approach more widely across the many users that access SecureLink. You can benefit from applying this enhanced control over any user who has highly specific access needs on your SecureLink system. While applying permissions will differ based on the roles and responsibilities at your company, here are some common examples.
Auditor: This user has to access SecureLink periodically to perform an audit or compliance check. These users are “view only” roles because their job function doesn’t require modifying or removing, so you can create this user type by applying the view permission for all entities. Once created, the auditor can access what they need without your administrators needing to monitor their activity for accidental changes.
Process Manager: This user is regularly adding and editing entities, but only specific ones that fall within their domain of responsibility. An example of this is an office administrator whose role is to make sure new employees are created and configured in SecureLink. This office admin role could be applied to add, edit, and view users without granting higher administrative privileges on the system. This benefits both the office admin and system owners, narrowing the scope of access and eliminating potential user errors, such as accidentally accessing and changing other entities.
In both of these examples, the user is given access to exactly what they need, streamlining their day-to-day access and minimizing risk.
Reach out to your Customer Success Manager to request an upgrade! We will coordinate the right conversation to get your system and your team ready to use the new generation of permissions in the product. Our product experts will help identify your use case and goals and help you create roles that best fit your users.