Asset Security Groups and Access Controls
Objective: Gain an understanding of how Asset Access Controls and Security Groups are created and assigned, and how they affect Asset visibility for users.
Brightly Assetic provides the functionality for access to specific Assets or Categories to be restricted only to appropriate users. Asset visibility for a user affects most modules in the system, including Search, Data Exchange and Assessments.
This is done by configuring Security Groups and Asset Access Controls, and then assigning the appropriate Access Controls to users via the User Management section of the Administration module.
Security Groups
The Security Group is a core attribute of an Asset:
The Security Groups that are available for each Asset are configured via the Assets section of the Administration module, in the Security Groups tab:
To add a new Security Group, click the 'Add Security Group' button:
Populate the Label and Description fields, then click 'Update'. The Assets Count column displays the number of Assets in the system that belong to each Security Group. The name or description of an existing Security Group can be modified using the 'Edit' button.
Asset Access Controls
The Asset Access Controls that are available for each User are configured via the Assets section of the Administration module, in the Asset Access Controls tab:
Existing Asset Access Controls can be modified by selecting them from the list and clicking the 'Edit' button, or a new Asset Access Control can be created by clicking the 'Create' button:
- Name: A free-text field to define the name of the Asset Access Control.
- Asset Category: A search-field from which Asset Categories are selected, which defines which Categories are visible to users that have this Access Control. A minimum of one Category is required.
- Security Groups: A search-field from which Security Groups are selected, which further refines which Assets are visible to users that have this Access Control.
Assigning Users to Asset Access Groups
The Asset Access Controls that are assigned to each User are configured via the User Management section of the Administration module:
To grant a user an Asset Access Control, click on 'Edit':
New Access Controls can be added, and existing Access Controls can be revoked.
Asset Visibility Rules
The specific Assets that are visible for a user are determined according to the following rules:
If the user has no Asset Access Control, or has an Access Control bypass role, they can see all Assets.
If the user has any Asset Access Controls, they can only view Assets whose Category and Security Group (if the Asset has a Security Group defined) are covered by at least one of the user's Access Controls.
NOTE: If an Asset has no Security Group set, then it will be visible to any user who has access to that Asset's Category.
The User Roles which bypass the Asset Access Control feature and allow full visibility are:
- Asset Admin
- Asset Manager
- Accounting Admin
- Accounting Manager
- Accounting Officer
- Client Admin
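The visibility rules above can be modelled to check what a planned configuration would expose, including which users end up with no restriction at all. This is an added example, not Assetic code or part of its API: the class names, function names and sample data are hypothetical, and it assumes a single Access Control must cover both the Asset's Category and its Security Group.

```python
from dataclasses import dataclass
from typing import Optional

# Role names copied from the bypass list on this page.
BYPASS_ROLES = {"Asset Admin", "Asset Manager", "Accounting Admin",
                "Accounting Manager", "Accounting Officer", "Client Admin"}

@dataclass(frozen=True)
class Asset:
    name: str
    category: str
    security_group: Optional[str] = None  # None = no Security Group set
@dataclass(frozen=True)
class AccessControl:
    categories: frozenset
    security_groups: frozenset = frozenset()
@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset = frozenset()
    controls: tuple = ()

def unrestricted(user):
    """No Access Control at all, or any bypass role: the user sees every Asset."""
    return not user.controls or bool(user.roles & BYPASS_ROLES)

def covers(control, asset):
    # Assumption: one control must match both Category and Security Group.
    # Per the NOTE, an Asset without a Security Group needs only the Category.
    return asset.category in control.categories and (
        asset.security_group is None or asset.security_group in control.security_groups)

def can_see(user, asset):
    return unrestricted(user) or any(covers(c, asset) for c in user.controls)

def audit_unrestricted(users):
    """Users whose visibility no Access Control limits (review these first)."""
    return sorted(u.name for u in users if unrestricted(u))

# Constructed sample data: names, categories and groups are hypothetical.
ROADS_NORTH = AccessControl(frozenset({"Roads"}), frozenset({"North Depot"}))
ASSETS = [Asset("RD-1", "Roads", "North Depot"), Asset("RD-2", "Roads", "South Depot"),
          Asset("RD-3", "Roads"), Asset("BLD-1", "Buildings", "North Depot")]
USERS = [User("inspector", controls=(ROADS_NORTH,)),
         User("new_hire"),  # no Access Control assigned yet
         User("finance", frozenset({"Accounting Officer"}), (ROADS_NORTH,))]

def visible(user):
    return [a.name for a in ASSETS if can_see(user, a)]
```

In this sample, the user with no Access Control and the user holding a bypass role both see every Asset, while the restricted user still sees the Roads Asset that has no Security Group.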
Asset Visibility Example Use Case
How to Configure Security Group and Asset Access Control: