Skip to main content

id3globalsupport.com

Roles & Permissions

This document provides details examining the new ‘Roles and Permissions’ functionality that has been enabled in ID3global

The administration of ‘Roles and Permissions’ is located within the ID3global Administration site:

https://www.id3global.com/GlobalAdmin/

Roles What is a Role?

Every account that is created within ID3global will be assigned what is called a ‘Role’. This ‘Role’, contains a list of permissions that will define what the account has access to. Below shows the default Roles already setup in ID3global.

Types of Role(s)

Screenshot_33.jpg
  • account managers

  • Members of this role have limited access to customer organisations

  • administrators

  • Members of this role can perform administrative operations

  • data extracts

  • Members of this role can export authentication records

  • everyone

  • Everyone in the organization

  • helpdesk

  • ID3global Helpdesk

  • investigator

  • DeviceID investigator. Use this role to grant access to the Reputation Manager

  • profile admins

  • Members of this role manage profiles

  • users

  • Members of this role can perform user operations such as authentications

How to assign a Role to an Account

1) Login to the ID3global Admin portal https://www.id3global.com/GlobalAdmin

Screenshot_34-700x442.jpg

2) Select ‘Account’ from the central menu or top toolbar

Screenshot_35.jpg

3) There are two ways to assign a role to an account.

Either:

• Assign the account a role during the ‘Account Creation’ process Or

• Select an existing account and add the role to it

When creating an Account

Select ‘Add’ from the left hand side in the Accounts Menu and then will then be prompted to enter details for a new Account as below:

Screenshot_36.jpg

Select the arrow to proceed to the next screen. The next option is to select which Role(s) the account is to be associated with by selecting the sliders in the include column.

Screenshot_37.jpg

The ‘Role(s)’ the account has, governs the permissions of the account

Adding a Role to an existing Account
Screenshot_38-700x433.jpg

Select Accounts from the Home screen

Screenshot_39.jpg

Select the Account from the list of accounts displayed

Screenshot_40.jpg

Select ‘role membership’ to view the list of roles the account currently has

Screenshot_41.jpg

To add a specific role to an account, select the slider so it is right-facing and then select ‘UPDATE’ to save any changes. To remove a role from an account, select the slider so it is ‘left-facing’

Creating a new Role

There may be a requirement to create a new role. For example, if a user account needed to be able to view profiles, but not have permission to amend them. To do this:

1) Login to the admin portal and select ‘Accounts’

Screenshot_42-700x445.jpg

2) Select ‘roles’ from the top left of the page

3) Select ‘ADD’ from the left hand side

4) Give the Role a name and description. Select whether members of this role are still required to conform to the Administrator Password Policy

Screenshot_43.jpg

5) In the example above, a new role is to be created that will allow an account to be able to view any profiles within the admin site, but not make any changes. Creating the role is the first part of this process. The next step is to add ‘Permissions’ to the role

Permissions

A specific role can be assigned different Permissions. Permissions govern what a ‘Role’ can and cannot do

To assign a specific permission to a role:

1) Login to the ID3global Admin Site

Screenshot_44.jpg

2) In this example, the role set up previously (ProfileView) is going to be given the permission to view profiles only. Select ‘Profiles’. The ‘Manage Profiles’ screen will then be loaded

Screenshot_45.jpg

3) Select ‘Permissions’ from the ‘Manage Profiles’ screen

4) A list (below) is then displayed showing which roles have access to ‘Manage Profiles’ and what type of permission they have

Screenshot_46.jpg

5) Within this list, the role created earlier ‘ProfileView’ can be seen and as it stands, the role does not have any permission to access profiles. By selecting the drop down box, the permission can be changed to any of the below options

Screenshot_47.jpg

The permissions above in relation to ‘Profiles’ mean the following:

Screenshot_48.jpg

6) Therefore, by giving the Role the permission ‘Read’ from the dropdown box, any account with the ‘ProfilesView’ Role assigned will be able to ‘List Profiles – cannot modify or create new ones’

Screenshot_49.jpg

7) So in the example above, members of the ‘Profile Admins’ Role will have access to Create Profiles, Update Name/Description, Update State, Update Profile Version – whereas ‘ProfileView’ Role members will only be able to List Profiles – cannot modify or create new ones