This article contains information on Role-Based Access Control (RBAC), a security model that assigns permissions and data access based on user roles, ensuring efficient management of access rights and safeguarding sensitive information.
What is RBAC?
Role-Based Access Control (RBAC) refers to the concept of assigning permissions and data visibility rights to groups of users based on their unique responsibilities within an organization. The user-role and role-permission relationships make user assignment easy: users no longer need to be managed individually, but instead have privileges that conform to the permissions assigned to their role(s).
User Management
User Management will continue to be the central location within System Settings where Aware Admins can create and manage user profiles. Access/permissions to certain applications will continue to be managed within the user profile.
Data Access Sets
A Data Access Set (DAS) is a configurable way to limit data visibility. When paired with a role, it exposes only the data configured within the DAS to the role's users. Users in a role with a DAS restriction can see only the data they are allowed to see, even while sharing application access with roles that may have different data access.
A Data Access Set can consist of broad sources, such as content platforms or sets of people like Azure Active Directory lists, down to narrow sources like a single Slack channel. Once created, a Data Access Set can be used in as many roles as necessary.
Roles
Roles are groups of users with the same permissions and data visibility in Aware. Roles ensure that employees access only the tools and information they need for their jobs and keep access to sensitive data safe and secure. As employees and their responsibilities change over time, roles make maintaining up-to-date permissions and data access across your organization easy.
Components of a Role:
- Overview.
- Permissions (+ application access).
- Data Access Sets.
- Users.
Signal with RBAC
Prior to RBAC, Signal permissions were based on a user’s relationship with select permissions and whether they had been added to a policy or not. Today, a user’s access to a policy will depend on their relationship with a Role and that Role’s relationship with a Data Access Set.
Search and Discover with RBAC
Prior to RBAC, Search permissions were based on a user’s relationship with select permissions in system settings. With RBAC, a user’s access to a search will depend on their relationship with a Role and that Role’s relationship with a Data Access Set. Search results will be visible based on their association with a Data Access Set.
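The relationship between users, Roles and Data Access Sets described above, as a small illustrative Python model added to this article; it is not Aware's implementation or API. The source naming (`slack/hr-cases`), the permission strings, the user names, and the rule that a role without a Data Access Set exposes nothing are assumptions of this example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DataAccessSet:
    name: str
    sources: tuple  # broad ("slack") or narrow ("slack/hr-cases"); naming is assumed

    def covers(self, source: str) -> bool:
        # Match whole path segments so "slack/hr-cases" does not
        # accidentally cover "slack/hr-cases-archive".
        return any(source == s or source.startswith(s + "/") for s in self.sources)

@dataclass(frozen=True)
class Role:
    name: str
    permissions: frozenset
    data_access_sets: tuple
    users: frozenset

def visible(user, permission, records, roles):
    """Records `user` may see through `permission` (deny by default)."""
    # Only roles that contain the user AND grant the permission count.
    granting = [r for r in roles if user in r.users and permission in r.permissions]
    # A record is visible only if a DAS on one of those roles covers its source.
    return [rec for rec in records
            if any(das.covers(rec["source"])
                   for r in granting for das in r.data_access_sets)]

# Constructed sample data: two roles share Search access but differ in data access.
HR_DAS = DataAccessSet("HR cases", ("slack/hr-cases",))
ALL_SLACK = DataAccessSet("All Slack", ("slack",))
ROLES = [
    Role("HR Investigator", frozenset({"search"}), (HR_DAS,), frozenset({"dana"})),
    Role("Compliance Lead", frozenset({"search", "signal"}), (ALL_SLACK,), frozenset({"lee"})),
]
RECORDS = [
    {"id": 1, "source": "slack/hr-cases"},
    {"id": 2, "source": "slack/hr-cases-archive"},
    {"id": 3, "source": "teams/general"},
]

def ids(user, permission):
    return [r["id"] for r in visible(user, permission, RECORDS, ROLES)]

if __name__ == "__main__":
    for who in ("dana", "lee", "mallory"):
        print(who, ids(who, "search"))
```

Both sample users hold the same Search permission, yet each sees a different result set because visibility is decided by the Data Access Set attached to the role, not by the permission alone.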