Each organization has one main account (the first registered user) and multiple secondary users. Users are managed from the User management menu. Users can be configured with the following properties:
- Email and password - the main authenticaton credentials. Users are encourage to change the initial password after login.
- Role - the role defines what part of the functionality is accessible to the user. Predefined roles are: Admin, Manager, Security analyst, Sysadmin, Developer, IT, Auditor, Business analyst and Public user. Admins have full control, managers have access to most features except organization configuration, Other staff have access to technical features and Auditors and public users have access only to the dashboard. Custom roles can be defined as well
- Allowed data sources - the data sources to which the user has access. If none are selected the user has access to all data sources.
- Expiration date - optional, sets a date when the user is automatically deleted. Useful for auditor accounts for the duration of an audit.
- Password - optional, if not set, the user will receive an email to set their password.
Role-based access control¶
Access to particular data sources can be defined using custom roles. Each user can be assigned one or more roles that define access to particular data sources. A role can also have access to a group of data sources, rathe than individual sources.
Custom roles support hierarchies - a child role inherits all data sources from a parent role, allowing flexible and granular access control.