Role Based Access
The Role Based Access button under "Security" in the Admin Dashboard gives administrators granular control over permissions within PlexTrac, such as actions allowed for a specific user, permissions for customers, access to client data, and report access to prevent all users from viewing sensitive data.

Roles and Permissions

PlexTrac allows for role-based access controls at the client level. This enables teams to grant users the privileges required to accomplish tasks for specific clients.
PlexTrac uses role-based access controls. Three default levels of access exist:
  • Administrator: A user with access to all functionality for a client.
  • Standard User: A user who creates reports, adds findings, tracks status.
  • Analyst: A user who tracks and updates flaw status only.
The permissions for the default roles are static, but new roles can be defined as desired. Users can belong to multiple roles and receive the sum of the permissions of every role they belong to.
Permissions are broken into two categories and assigned separately:
  • Platform-wide
  • Client-specific

Platform-wide Permissions

Platform-wide permissions include access to specific modules (WriteupsDB, Assessments, etc.), the Account Admin section, platform settings, and user management.
These permissions are specific to platform access and assigned in Role Based Access. If a user is assigned multiple roles, the permissions from each role are added together and then given to the user.

Client-specific Permissions

Client-specific permissions govern the use of and access to Clients, Reports, and Findings. These permissions are assigned at the client level; more information can be found by visiting Add User to Client.
The role assigned to a user at the client level sets the client, report, and finding permissions for that client.

Creating a Role

Step 1: From the Role Based Access page under "Security" in the Admin Dashboard, click Create Role.
Step 2: Select a template as baseline, if applicable. Enter a role name and description.
  • Templates as Baseline: Choose a baseline of permissions for this role with the drop-down.
  • Role Name: Name of the role (required).
  • Enabled: If toggled on, dynamically restricts or grants access for all users assigned to this role.
  • Description: A brief description of the role (required).
  • Users Assigned: The list of users assigned to this role. When added, they appear on the screen. They can be removed by hovering over the name with the cursor and clicking the red trash can icon.
All users MUST be assigned to a role AT ALL TIMES. You'll receive an error if you attempt to disable a role that contains a user with no other roles assigned.
Step 3: Select permissions for the role by clicking the individual buttons identifying permissions. Purple means the permission has been granted to the role; grey means it has not. Clicking a purple button again greys it out and removes the permission from this role.
Step 4: Click Save.
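The rules spelled out in the sections above (permissions are summed across a user's roles, platform-wide and client-specific permissions are scoped separately, a disabled role contributes nothing, and a role cannot be disabled while a user holds no other role) are easy to get wrong when reviewing an access posture. The following Python model is an added illustration of those semantics, not PlexTrac code or its API; the role definitions, permission names (`writeupsdb`, `report.create`, and so on), clients, and user names are all constructed for the example.

```python
"""Toy model of the role semantics described on this page (added illustration,
not PlexTrac code). All permission names, clients and users below are constructed."""

from dataclasses import dataclass, field


@dataclass
class Role:
    name: str
    platform_perms: frozenset = frozenset()   # modules, Account Admin, user management
    client_perms: frozenset = frozenset()     # client, report and finding permissions
    enabled: bool = True


@dataclass
class User:
    name: str
    roles: set = field(default_factory=set)           # platform-wide role names
    client_roles: dict = field(default_factory=dict)  # client name -> role name


class AccessModel:
    def __init__(self, roles):
        self.roles = {r.name: r for r in roles}
        self.users = {}

    def add_user(self, user):
        # Every user must hold at least one role at all times.
        if not user.roles:
            raise ValueError(f"{user.name} must be assigned to at least one role")
        unknown = user.roles - set(self.roles)
        if unknown:
            raise ValueError(f"unknown roles: {sorted(unknown)}")
        self.users[user.name] = user

    def platform_permissions(self, username):
        """Sum (set union) of platform-wide permissions over the user's enabled roles."""
        perms = set()
        for role_name in self.users[username].roles:
            role = self.roles[role_name]
            if role.enabled:
                perms |= role.platform_perms
        return frozenset(perms)

    def client_permissions(self, username, client):
        """Client, report and finding permissions come only from the role assigned
        for that specific client; no assignment for the client means no access."""
        role_name = self.users[username].client_roles.get(client)
        if role_name is None:
            return frozenset()
        role = self.roles[role_name]
        return role.client_perms if role.enabled else frozenset()

    def stranded_if_disabled(self, role_name):
        """Users who would be left with no other role if this role were disabled."""
        return sorted(u.name for u in self.users.values() if u.roles == {role_name})

    def disable_role(self, role_name):
        """Mirror the UI error: refuse to disable a role that would strand a user."""
        stranded = self.stranded_if_disabled(role_name)
        if stranded:
            raise ValueError(f"cannot disable {role_name}: {stranded} have no other role")
        self.roles[role_name].enabled = False


def build_demo():
    # Constructed roles loosely following the three defaults named on the page,
    # plus an empty "parking" role of the kind the Recommendations section suggests.
    roles = [
        Role("Administrator",
             platform_perms=frozenset({"writeupsdb", "assessments", "account_admin", "user_management"}),
             client_perms=frozenset({"client.manage", "report.create", "finding.add", "finding.update_status"})),
        Role("Standard User",
             platform_perms=frozenset({"writeupsdb", "assessments"}),
             client_perms=frozenset({"report.create", "finding.add", "finding.update_status"})),
        Role("Analyst",
             platform_perms=frozenset({"assessments"}),
             client_perms=frozenset({"finding.update_status"})),
        Role("No Access"),
    ]
    model = AccessModel(roles)
    model.add_user(User("alice", roles={"Standard User", "Analyst"},
                        client_roles={"acme": "Standard User"}))
    model.add_user(User("bob", roles={"Analyst"}, client_roles={"acme": "Analyst"}))
    model.add_user(User("carol", roles={"No Access"}))
    return model


if __name__ == "__main__":
    m = build_demo()
    print("alice platform:", sorted(m.platform_permissions("alice")))
    print("bob @ acme:", sorted(m.client_permissions("bob", "acme")))
    print("bob @ globex:", sorted(m.client_permissions("bob", "globex")))
    print("disabling Analyst would strand:", m.stranded_if_disabled("Analyst"))
```

Two behaviours are worth checking against your own tenant: a user with two roles gets the union of both role's platform permissions (alice sees WriteupsDB through Standard User even though Analyst alone would not grant it), and client permissions for a client the user was never added to are empty regardless of platform roles.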

Recommendations

PlexTrac has the following recommendations on this topic:
  • Create a role without permissions to assign unused or intermittent access users to.
  • Use the Principle of Least Privilege when assessing role permissions.
  • Conduct periodic user and role audits for an accurate user access posture.