Roles & Permissions
This document provides details examining the new ‘Roles and Permissions’ functionality that has been enabled in ID3global
The administration of ‘Roles and Permissions’ is located within the ID3global Administration site:
https://www.id3global.com/GlobalAdmin/
Roles What is a Role?
Every account that is created within ID3global will be assigned what is called a ‘Role’. This ‘Role’, contains a list of permissions that will define what the account has access to. Below shows the default Roles already setup in ID3global.
Types of Role(s)
account managers
Members of this role have limited access to customer organisations
administrators
Members of this role can perform administrative operations
data extracts
Members of this role can export authentication records
everyone
Everyone in the organization
helpdesk
ID3global Helpdesk
investigator
DeviceID investigator. Use this role to grant access to the Reputation Manager
profile admins
Members of this role manage profiles
users
Members of this role can perform user operations such as authentications
How to assign a Role to an Account
1) Login to the ID3global Admin portal https://www.id3global.com/GlobalAdmin
2) Select ‘Account’ from the central menu or top toolbar
3) There are two ways to assign a role to an account.
Either:
• Assign the account a role during the ‘Account Creation’ process Or
• Select an existing account and add the role to it
When creating an Account
Select ‘Add’ from the left hand side in the Accounts Menu and then will then be prompted to enter details for a new Account as below:
Select the arrow to proceed to the next screen. The next option is to select which Role(s) the account is to be associated with by selecting the sliders in the include column.
The ‘Role(s)’ the account has, governs the permissions of the account
Adding a Role to an existing Account
Select Accounts from the Home screen
Select the Account from the list of accounts displayed
Select ‘role membership’ to view the list of roles the account currently has
To add a specific role to an account, select the slider so it is right-facing and then select ‘UPDATE’ to save any changes. To remove a role from an account, select the slider so it is ‘left-facing’
Creating a new Role
There may be a requirement to create a new role. For example, if a user account needed to be able to view profiles, but not have permission to amend them. To do this:
1) Login to the admin portal and select ‘Accounts’
2) Select ‘roles’ from the top left of the page
3) Select ‘ADD’ from the left hand side
4) Give the Role a name and description. Select whether members of this role are still required to conform to the Administrator Password Policy
5) In the example above, a new role is to be created that will allow an account to be able to view any profiles within the admin site, but not make any changes. Creating the role is the first part of this process. The next step is to add ‘Permissions’ to the role
Permissions
A specific role can be assigned different Permissions. Permissions govern what a ‘Role’ can and cannot do
To assign a specific permission to a role:
1) Login to the ID3global Admin Site
2) In this example, the role set up previously (ProfileView) is going to be given the permission to view profiles only. Select ‘Profiles’. The ‘Manage Profiles’ screen will then be loaded
3) Select ‘Permissions’ from the ‘Manage Profiles’ screen
4) A list (below) is then displayed showing which roles have access to ‘Manage Profiles’ and what type of permission they have
5) Within this list, the role created earlier ‘ProfileView’ can be seen and as it stands, the role does not have any permission to access profiles. By selecting the drop down box, the permission can be changed to any of the below options
The permissions above in relation to ‘Profiles’ mean the following:
6) Therefore, by giving the Role the permission ‘Read’ from the dropdown box, any account with the ‘ProfilesView’ Role assigned will be able to ‘List Profiles – cannot modify or create new ones’
7) So in the example above, members of the ‘Profile Admins’ Role will have access to Create Profiles, Update Name/Description, Update State, Update Profile Version – whereas ‘ProfileView’ Role members will only be able to List Profiles – cannot modify or create new ones