Secure60 utilizes a robust Role-Based Access Control (RBAC) system to ensure that users have appropriate access to features and data within the platform. This system allows administrators to assign specific roles to users, defining what actions they can perform on various Portal functions (and API routes).
Overview of RBAC
RBAC is a method of regulating access to application, computer or network resources based on the roles of individual users within an organization. Roles are defined according to job competencies, authority, and responsibilities within the organization. The primary goal of RBAC is to simplify and streamline the management of user permissions.
Benefits of RBAC
Improved Security: By restricting access to only those capabilities required for a user’s role, RBAC reduces the risk of unauthorized access.
Simplified Compliance: RBAC helps ensure that users can only perform actions in line with regulatory requirements.
Ease of Management: Centralized role management simplifies the process of granting and revoking permissions.
Available Roles in Secure60
Secure60 comes with the following predefined roles, each with a specific set of permissions:
Admin
Description: Administrators have full access to all system features and settings.
Operator Manager
Description: Operator Managers have more permissions than Operators, but fewer than Administrators. They can manage operational aspects but do not have full administrative privileges.
This Role is useful for those who need to manage Operators but do not need deep control of the base Organisation settings.
This Role has permission to update Rules in addition to Threats.
Operator
Description: Operators have basic access to perform read operations and limited write operations. They cannot delete resources.
This Role is used for day-to-day operation within Secure60. This includes searching and viewing logs, and managing and updating Threats.
This Role does not have access to update Rules.
Readonly
Description: Readonly users can view data but cannot make any changes.
This Role is useful for read-only access and reporting purposes.
Managing Roles and Permissions
Administrators can assign Roles to users via the User Management component of Organisation Settings.
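When reviewing assignments, it helps to compare each user's Role against the least-privileged Role that covers what they actually need. The following is an added example, not Secure60 code or its API: the action labels and the sample users are constructed for illustration, and the Role-to-action mapping only encodes what the descriptions above state.

```python
# Added illustration: action labels are hypothetical names for capabilities the
# page describes; this is not Secure60's permission model or API.
ROLE_ORDER = ["Readonly", "Operator", "Operator Manager", "Admin"]  # least to most privileged

ROLE_ACTIONS = {
    "Readonly": {"view_data"},
    "Operator": {"view_data", "update_threats"},
    "Operator Manager": {"view_data", "update_threats", "update_rules",
                         "manage_operators"},
    "Admin": {"view_data", "update_threats", "update_rules",
              "manage_operators", "organisation_settings"},
}

def minimal_role(needed):
    """Return the least-privileged predefined Role covering every needed action."""
    needed = set(needed)
    unknown = needed - ROLE_ACTIONS["Admin"]
    if unknown:
        raise ValueError(f"unknown actions: {sorted(unknown)}")
    for role in ROLE_ORDER:
        if needed <= ROLE_ACTIONS[role]:
            return role

def audit(assignments):
    """Compare each assigned Role with the minimal Role for the user's needs."""
    findings = []
    for user, (assigned, needed) in sorted(assignments.items()):
        recommended = minimal_role(needed)
        gap = ROLE_ORDER.index(assigned) - ROLE_ORDER.index(recommended)
        status = ("over-privileged" if gap > 0
                  else "under-privileged" if gap < 0 else "ok")
        findings.append((user, assigned, recommended, status))
    return findings

# Constructed sample data: user -> (assigned Role, actions the user needs).
SAMPLE = {
    "alice": ("Admin", {"view_data", "update_threats"}),
    "bob": ("Operator", {"view_data", "update_rules"}),
    "carol": ("Readonly", {"view_data"}),
    "dave": ("Operator Manager", {"manage_operators"}),
}

if __name__ == "__main__":
    for user, assigned, recommended, status in audit(SAMPLE):
        print(f"{user}: assigned={assigned} minimal={recommended} -> {status}")
```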
Notes
If you require custom Roles or configuration, please contact Secure60 Support.