Access Management & Permissions

Enhanced Role-Based Access Control (RBAC) System

Overview

This release introduces enhanced access control, allowing for module-level Read-Write and Admin access. The system now supports four distinct user roles, each with specific permissions and visibility within the platform.

User Roles & Permissions

1. Admin

  • Functionality: Admins act as Super Admins with comprehensive Read-Write (RW) access to all modules. They have the authority to create and manage users across all roles and modules.
  • Admins can view all users and the modules they are associated with.
  • Admins have the ability to add users of any role and assign them to one or more modules.

2. Module Admin

  • Functionality: Module Admins are created by Admins and are granted the ability to manage specific modules. They can create and manage users within those modules, with permissions limited to Read-Write (RW) or Read-Only (RO) access.
  • Module Admins can view users (RW and RO) relevant to their assigned modules only.
  • Module Admins can add and edit RW or RO users within their designated module(s).
  • Module Admins don’t have access to create, edit or remove another module admin.

3. User (Read-Write)

  • Functionality: Users with RW access can interact with the modules they have been scoped to. Admins can create Users with access to multiple modules, while Module Admins can create Users with RW access within their specific module(s).
  • Users can view all Admins, RW, and RO users associated with their modules.
  • RW Users do not have the ability to add new users.

4. Read-Only

  • Functionality: Read-Only (RO) Users can view but not modify content within the modules they have access to. Admins can create RO Users for multiple modules, while Module Admins can create RO Users within their specific module(s).
  • RO Users can view all Admins, RW, and RO users associated with their modules.
  • RO Users do not have the ability to add new users.

Important Note

Users cannot be directly converted to a different role (e.g., Admin, Module Admin). If a user’s role needs to be changed, the current process requires deleting the user and then re-adding them with the desired role, such as Admin, Module Admin, etc.

Additional Notes

  • Role Assignment: Only Admins can assign users to multiple modules. Module Admins are restricted to managing roles within their assigned modules. A Module Admin can have all of its modules enabled.
  • Team View Restrictions: Each role’s “Team” page is scoped to the users and modules relevant to their level of access, ensuring appropriate data visibility and management.

This feature set enhances security and governance by providing granular control over user permissions and module access, ensuring that each user only interacts with the data they are authorized to manage.