Kepion security roles enhancements
PlannedIt'd be great to have the following improvements over the current security roles:
- Have a SECURITY ADMINISTRATOR (at website level), different from the SYSTEM ADMINISTRATOR, who can assign permissions to all the different Apps but can see no data nor the modeler tab, except it's assigned to the specific roles within the app. It's a typical request from cyber security areas to be able to manage security without being able to see sensitive data.
- Have an APPLICATION CREATOR role without the need of been a SYSTEM ADMINISTRATOR. This would allow users to create their own applications without being able to add new administrators, changing system properties or deleting other applications.
- Assigning AD Groups to SYSTEM ADMINISTRATOR and APPLICATION CREATOR roles, as of now, we can only add individual AD Users
Thanks,
Ignacio
-
Official comment
Hi Ignacio,
Thanks for the suggestions.
For the Security Administrator role, if they had the ability to assign permissions to any role, they would necessarily have the ability to assign themselves (or create a new role and assign that one) with permissions to view data, so we're not sure if there's a way that role would work as intended, securely.
For the Application Creator role, this would certainly be possible, but we were wondering if there was enough of a use-case to justify having this, as most installations we would imagine only have one, or maybe two, applications.
The last feature is definitely something that makes sense to us, and we've added it to the feature request list for the R&D team to prioritize.
Ian Britz
Comment actions -
Hi Ian,
Thanks for your response.
Regarding the Security Administrator role, obviously they'd have the ability to assign themselves wherever they'd like, but it's something that happens in most applications and big companies, where information security or cyber security areas (or their equivalent) are the one who assign permissions to specific user or roles. They're the ones who make sure everyone can just see what they should.
Regarding the Application Creator is something we imagine for Development Environments mainly, specifically for revendors or customers with multiple use-cases. Definitely is not something we believe its urgent, but a nice to have.
Thanks again!
Ignacio
Please sign in to leave a comment.
Comments
4 comments