Users can now be added to multiple roles within Secure & Govern. Role-based access control (RBAC) is an additive model in Secure & Govern, so a user’s effective permissions are the sum of their role assignments.
In cases where a user has multiple roles, an administrator should configure how RBAC is applied, so any conflicts between roles are addressed and a user does not end up with more permissions than intended. This is one way that organizations can ensure separation of duties.
RBAC enables Admins to restrict access and delegate responsibilities by creating distinct roles. For example, an admin might want only the legal team to have the ability to view the sensitive content in an unredacted form within the repository, which they can now accomplish by creating a separate role for them.
Predefined Default Roles
Egnyte Secure & Govern supports five predefined default roles: Admin Role, Basic User Role, Power User Role, Data Owner Role, and Basic Viewer Role. These are the most commonly used roles in most organizations. The entitlements of these roles have been predefined and can be directly assigned to individual users. The role hierarchy and entitlements are briefly described below:
- Admin Role has full access including all the privileges and permissions for the entire system.
- Power User Role has limited access to the issues, permissions, and sensitive content views. These users can only see folders where they are folder owners within a content source.
- Basic User Role has limited access, restricted to the Issues view.
- Data Owner Role has limited access to permissions and sensitive content views. These users will only be able to see folders where they are assigned as Data Owners.
- Basic Viewer Role is the most restrictive role. Users can log into Secure & Govern and can only comment on issues they are assigned.
For more information on the Data Owner restricted view option, see Data Owner - Restricted Views in Secure & Govern.
Custom Roles
With Custom Roles, administrators can grant precise privileges based on each user's responsibilities and business needs.
Create a New Role
- Navigate to Settings -> User Management -> Roles tab.
- Click the Add Role button.
- Select the abilities that you want to provide to the role and then click the Save Role button to save the role.
- Admins can also Edit, View, or Delete the Role.
Assign User to a Role
Using Users Tab
- Navigate to Settings -> User Management -> Users tab.
- Click the Add User button.
- Enter the details about the user and then assign the Role(s) by selecting from the list of options.
- Click on Add to create the User with the desired Role.
Using Roles Tab
- Navigate to Settings -> User Management -> Roles tab.
- Click the Edit role option for the desired user role.
- Go to the Users with this role tab.
- Select the Add user to role button.
- Enter a username or email address in the Add a new user window.
- Select the Add button.
Reviewing User Role Assignments & Effective Permissions
- Navigate to Settings -> User Management -> Users tab.
- Click the ">" (arrow) to the right of the desired user.
- The user's detail window appears.
- From here, you can review the user's role assignments. You can also remove a role assignment by selecting the "trash can" symbol found to the right of the role.
- Select Show effective permissions to review a user's full system permissions.
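The additive model and the separation-of-duties concern described at the top of this page can also be checked outside the console. The following is an added example, not Egnyte code: it computes each user's effective permissions as the union of their roles and reports which role assignments combine into a conflict. The ability names, the two custom roles, the conflict policy and the sample assignments are all constructed for illustration.

```python
# Added example: audit additive role assignments for separation-of-duties conflicts.
# Ability names and the two custom roles are hypothetical labels, not product identifiers.
ROLE_ABILITIES = {
    "Basic Viewer": {"comment_assigned_issues"},
    "Basic User": {"view_issues"},
    "Data Owner": {"view_permissions", "view_sensitive_content"},
    "Power User": {"view_issues", "view_permissions", "view_sensitive_content"},
    "Legal (custom)": {"view_sensitive_content", "view_unredacted_content"},
    "Role Manager (custom)": {"manage_roles"},
}

# Constructed policy: ability pairs that one user should not hold together.
SOD_CONFLICTS = [
    ("view_unredacted_content", "view_permissions"),
    ("view_unredacted_content", "manage_roles"),
]

# Constructed sample of user -> assigned roles.
ASSIGNMENTS = {
    "alice": ["Power User", "Legal (custom)"],
    "bob": ["Basic User", "Data Owner"],
    "carol": ["Legal (custom)", "Role Manager (custom)"],
}


def effective_permissions(roles):
    """Additive model: the union of the abilities of every assigned role."""
    unknown = [r for r in roles if r not in ROLE_ABILITIES]
    if unknown:
        # Fail closed: an unmapped role would silently under-report permissions.
        raise ValueError(f"unmapped roles: {unknown}")
    return set().union(*(ROLE_ABILITIES[r] for r in roles))


def sod_findings(assignments):
    """List each violated pair with the roles that grant each side of it."""
    findings = []
    for user, roles in sorted(assignments.items()):
        perms = effective_permissions(roles)
        for pair in SOD_CONFLICTS:
            if all(ability in perms for ability in pair):
                granted_by = {a: sorted(r for r in roles if a in ROLE_ABILITIES[r]) for a in pair}
                findings.append({"user": user, "conflict": pair, "granted_by": granted_by})
    return findings


if __name__ == "__main__":
    for finding in sod_findings(ASSIGNMENTS):
        print(finding)
```

Neither of alice's roles violates the policy on its own; the finding appears only in the union, and `granted_by` shows which assignment to remove to resolve it.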