Custom Roles
Last updated
Last updated
© 2024 PlexTrac, Inc. All rights reserved.
Administrators can tailor roles and permissions within the PlexTrac platform according to their specific requirements. This customization allows for efficient management of user access and privileges, ensuring a secure and organized environment.
If custom roles are required, create them before adding users. Otherwise, new users will need to be assigned to an existing role, and adding the custom role later will be an additional step.
When creating custom roles, PlexTrac provides the following recommendations:
Create a role without any permissions to assign unused or intermittent access users. By implementing this practice, administrators can prevent unnecessary access to sensitive information or critical functionalities, mitigating potential risks of granting unnecessary permissions.
Use the Principle of Least Privilege when assessing role permissions. This principle advocates granting users the minimum access required to perform their designated tasks effectively. By adhering to this principle, administrators can significantly reduce the attack surface and the potential impact of security breaches, enhancing the overall security posture of the system.
Conduct periodic user and role audits for an accurate user access posture. Regular user and role audits are essential to maintaining a secure user access environment. Periodic audits allow administrators to review and verify the permissions assigned to each user, ensuring that access rights align with individuals' current roles and responsibilities. This process helps identify deviations or discrepancies, providing the user access posture remains accurate and up-to-date.
When assigning roles to a user, giving each role a unique name is essential. Although PlexTrac generates a unique ID for each role in the backend, the user interface may display seemingly identical values, leading to confusion, as shown below.
Step 1: From the Role Based Access page under "Security" in the Admin Dashboard, click Create Role.
Step 2: Enter the fields provided on the page. Role Name and Role Description are required.
Templates as Baseline: Select the desired baseline template from the drop-down menu when creating a new role.
Role Name: This required field is the role's name and will appear on the Role Based Access page.
Enabled: This feature displays if the role is activated and provides a simple way to disable access temporarily.
Description: A brief description of the role (required).
Users Assigned: Place the cursor in the box and type a user to find and associate users to this role. If a user already belongs to another role, additional screens will appear to disable the previous role or inherit an additional role to existing permissions.
User List: Assigned users will appear in a list under the User Assigned box. They can be deleted by hovering over the name with the cursor and clicking the red trash can icon.
All users MUST be assigned to at least one role, and the platform will provide an error message if an attempt is made to disable a role that contains a user with no other assigned roles.
Step 3: Scroll down the page to select/deselect permissions for the role by clicking the provided tasks to define permissions. A purple button means permission has been given for the role, while a grey button means no permission has been enabled. Clicking a purple button again greys it out and disables authorization.
In this example, all permissions except the ability to manage style guides and access to the admin dashboard where the style guides are managed were removed.
Step 4: Click Save.
A summary page appears to review the list of users and permissions. Click Edit to adjust.
The new role is listed, along with the number of users assigned and configured permissions.
Every role will have at least five permissions displayed on this page, even if no tasks are enabled due to permissions that cannot be configured. For example, if two task buttons were enabled, a number of "7" will show as the total enabled permissions.