Questions to Consider:
- Do you intend to grant additional access for users? If yes, what will the user request workflow look like?
- What type of user training do you need to be successful?
- Should RBAC training sessions be relevant to each department that will be using Aware?
- Have you looked through the step-by-step documentation on setting up Data Access Sets and Roles?
- What do you want ongoing support to look like for these additional users?
RBAC Terminology:
- Data Access Set: Data Access Sets let you organize various objects within Aware (Custom Reports (coming soon), Search requests, Signal policies, etc.) and restrict access as needed to the data from different collaboration platforms. An Aware system administrator can create a Data Access Set either directly or during the creation of a role.
- Roles: Roles are groups of users with the same permissions and data visibility in Aware. Permissions and data access are assigned based on the responsibilities of that Role and the data that needs to be accessed.
- Users: A user is an individual or group of individuals that can be assigned to specific roles.
- Permissions: A defined set of rules that indicates the capabilities available to a specific role.
- Signal Admin: You have full access to all Data Access Sets for your organization and can view and edit all Signal policies and rules.
- Search & Discover Admin: You have full access to all Data Access Sets for your organization and can see and edit all searches. You can create searches, view all search results regardless of Data Access Sets, and can modify and/or rerun any search.
- Spotlight Admin: You have complete data access, plus access to all Spotlight Platforms and Groups data and Custom Reporting data.
Best Practices:
- Ensure Operational Efficiency: Role-Based Access Controls work to ensure that the appropriate employees have the right amount of data to successfully do their jobs. These controls make it easy for organizations to add, remove, or modify access when an employee is hired, is fired, or changes roles.
- Surveil Internal Projects: Role-Based Access Controls in the Signal and Search & Discover applications allow you to create specific user roles for internal projects. This limits data access and works to ensure that project information stays secure.
- Limit Data Tracking: Some organizations are only interested in tracking specific data types. If your organization doesn’t want to see direct message data because of employee privacy, you can limit data visibility.
Tips to Remember:
- Only Aware System Administrators can perform the steps to implement Role-Based Access Control.
- You can select specific Azure Active Directory (AAD) Groups to add to the Data Access Set. Adding an AAD Group limits the scope of data available to use in Aware applications associated with Roles. For example, employees across the globe use your company’s collaboration tools, but you will only use Aware for US employees’ content.
- To view a summary list of your Roles, navigate to System Settings > Roles.