This article provides information on implementing Role-Based Access Control (RBAC) in Aware, including key terminology, suggested configurations, and tips for efficiently managing roles, permissions, and data access.
Considerations
- Confirm if you plan to grant additional access to users. If so, define the user request workflow.
- Identify the type of user training needed to ensure success.
- Determine whether RBAC training sessions should be customized for the specific needs of each department using Aware.
- Review the step-by-step documentation for setting up Data Access Sets and Roles.
- Specify your preferred structure for ongoing support for these additional users.
RBAC Terminology
- Data Access Set: Data Access Sets allow users to organize various objects within Aware (Custom Reports (coming soon), Search requests, Signal policies, etc.) and restrict access as needed to data from different collaboration platforms. An Aware system administrator can create a Data Access Set either directly or during the creation of a role.
- Roles: Roles are groups of users with the same permissions and data visibility in Aware. Permissions and data access are assigned based on the role responsibilities and the data that needs to be accessed.
- Users: A user is an individual or group of individuals that can be assigned to specific roles.
- Permissions: A defined set of rules that indicate the capabilities available to a specific role.
- Signal Admin: You have full access to all Data Access Sets for your organization and can view and edit all Signal policies and rules.
- Search & Discover Admin: You have full access to all Data Access Sets for your organization and can see and edit all searches. You can create searches, view all search results regardless of Data Access Sets, and modify and/or rerun any search.
- Spotlight Admin: Complete data access, access to all Spotlight Platforms and Groups data, and Custom Reporting data.
Recommendations
Ensure Operational Efficiency: Role-based access Controls ensure that the appropriate employees have the right amount of data to do their jobs successfully. These controls make it easy for organizations to add, remove, or modify access if an employee is hired, fired, or changes roles.
Surveil Internal Projects: Role-Based Access Controls in Signal and Search & Discover applications allow you to create specific user roles when considering internal projects. This will limit data access and work to ensure that project information stays secure.
Limit Data Tracking: Some organizations only track specific data types. If your organization doesn’t want to see direct message data due to employee privacy, you can limit data visibility.
Key Reminders
- Only Aware System Administrators can perform the steps to implement Role-Based Access Control.
- You can select specific Microsoft Entra ID groups to add to the Data Access Set. Adding a Microsoft Entra ID will limit the scope of data available in Aware applications associated with Roles. For example, employees across the globe use your company’s collaboration tools, but you will only use Aware for US employees’ content.
- To view a summary list of your Roles, navigate to System Settings > Roles.
Comments
Please sign in to leave a comment.