Roles & Permissions

In this we define and elaborate on the roles and permissions assigned to different users within our system. We outline four distinct user types:

Service Provider Admin,

Service Provider Analyst,

Client Admin, and

Client Analyst

Each user type is assigned specific responsibilities and permissions tailored to their role in the system. The document provides an overview of these roles, detailing their respective duties and the permissions they possess. By clearly defining these roles and permissions, we ensure efficient management and utilization of our services, fostering effective collaboration between service providers and clients.

\

Service Provider Admin:

  This role has administrative privileges . 

  **Permissions:**
  • User Management: Create, update, delete, and view users. Admins can manage user accounts, roles, and permissions.

  • System Settings: Modify system-wide settings, configurations, and parameters.

  • Access Control Management: Define and modify roles and permissions, assign roles to users, and manage access levels.

  • Security Settings: Manage security policies, including password policies, two-factor authentication settings, and access controls.

    \

Provider Admin Privileges Overview:

The Service Provider Admin has the following key privileges:

Creation of Child Organizations

Management of Users within Organizations

Access to Default Organization and Child Organizations

Privileges Breakdown:

a. Creation of Child Organizations:

  • The Service Provider Admin has the authority to create child organizations under their default organization.

  • Child organizations may represent distinct departments, branches, or divisions within the larger organizational structure.

b. Management of Users within Organizations:

  • Service Provider Admins can add, modify, and remove users within their default organization and its child organizations.

  • This includes assigning roles, permissions, and other user-related configurations.

c. Access to Default Organization and Child Organizations:

  • The Service Provider Admin has full access to their default organization and all child organizations created under it.

  • They can view, edit, and manage organizational data within these entities.

d. Cannot create Partner Entities:

  • While Service Provider Admins cannot directly create partner entities, they have access to their organization and child organizations.

Responsibilities:

The Service Provider Admin is responsible for managing organizational structures and user permissions effectively. They must ensure that user access is granted according to organizational requirements and security policies. Service Provider Admins should maintain the integrity and confidentiality of organizational data, adhering to applicable regulatory standards and compliance requirements. Best Practices:

Regularly review and update organizational structures to reflect changes in the business landscape. Provide training and support to Service Provider Admins to empower them to effectively manage users and organizations. Implement access controls and monitoring mechanisms to detect and prevent unauthorized access to sensitive data. Default Organization:

The Service Provider Admin has a default organization under which child organizations are created. This default organization serves as the parent entity for organizational hierarchy and administrative purposes.

Conclusion:

Service Provider Admin privileges grant elevated access and control over organizational structures and user management within the system. It's essential for Service Provider Admins to exercise their privileges responsibly and in accordance with organizational policies and best practices.

\

Service Provider Analyst:

  This role has privileges to view and analyze data for multiple organizations.

  **Permissions:**
  • View/Edit Own Profile: Users can view and edit their own profile information but cannot view or edit other users' profiles.

  • Data Management: Can view and analyze the data pertaining to their client organization.

  • Limited System Settings: Access to a limited set of system settings that pertain to their user experience, like changing their password or configuring personal preferences.

Privileges Breakdown:

a. Access to Specific Pages and Data:

  • Service Provider Analysts are granted access to a subset of pages within the system, typically those relevant to their role or responsibilities.

  • This access allows them to view data and perform necessary tasks within their designated area of operation.

b. Restricted Access to Organizational and User Management Functions:

  • Service Provider Analyst do not have permissions to create organizations or add/manage users within the system.

  • They are restricted from viewing organizational structures and user lists to maintain data confidentiality and security.

Responsibilities:

The primary responsibility of the Service Provider Analyst is to utilize the provided access rights responsibly and in alignment with organizational policies and procedures. They must ensure the confidentiality and integrity of data accessed through the system. Service Provider Analysts should promptly report any security concerns or unauthorized access attempts to designated personnel.

Conclusion:

Service Provider Analyst privileges offer limited access to specific pages and data within the system, focusing on enabling users to perform their designated tasks efficiently while maintaining data security and confidentiality.

Client Admin:

  This role has administrative privileges, can view and analyze data with respect to specific client.

  **Permissions:**
  • User Management: Create, update, delete, and view users. Admins can manage user accounts, roles, and permissions.

  • System Settings: Modify system-wide settings, configurations, and parameters.

  • Access Control Management: Define and modify roles and permissions, assign roles to users, and manage access levels.

  • Security Settings: Manage security policies, including password policies, two-factor authentication settings, and access controls.

  • Data Management: Can view and analyze the data pertaining to their client organization.

Privileges Breakdown:

a. Creation and Management of Client Analysts:

  • The Client Admin is authorized to create and manage users within their designated domain(s) in the system.

  • They have the ability to add, modify, and delete user accounts, assign roles, and configure permissions within the domain(s) they oversee.

b. Restricted Access to Organizational Data:

  • Client Admins do not have permissions to view organizational structures or access organizational data beyond the scope of their designated domain(s).

  • Their access is limited to user management functions within their domain(s) to maintain data confidentiality and security.

Responsibilities:

The primary responsibility of the Client Admin is to manage user accounts within their designated domain(s) effectively. They must adhere to organizational policies and procedures regarding user management, security, and data privacy. Client Admins should collaborate with other administrative roles, such as Client Admins or Superusers, as needed to ensure smooth operation and alignment with organizational objectives.

Conclusion:

Client Admin privileges enable the management of user accounts within specific domains while maintaining restricted access to organizational data. It is essential for Client Admins to fulfill their responsibilities diligently and in accordance with organizational policies and procedures

Client Analyst:

   This role has privilege to view and analyze data with respective to specific client.

   **Permissions:**
  • View/Edit Own Profile: Users can view and edit their own profile information but cannot view or edit other users' profiles.

  • Specific Data Access: Read (and possibly write) access to specific data necessary for their roles, with restrictions on more sensitive or comprehensive data. Can view their organization data.

  • Limited System Settings: Access to a limited set of system settings that pertain to their user experience, like changing their password or configuring personal preferences.

  • Data Access and Management: Can view and analyze the data pertaining to their client organization.

Privileges Breakdown:

a. Access to Organization Data:

  • Client Analyst are granted access to view and interact with data within their respective organization(s) only.

  • They can view, create, modify, and delete data within their organization's scope, such as files, documents, or records.

b. Limited Access to Account Settings:

  • Client Analysts have limited access to manage their personal account settings related to security.

  • Specifically, they can access and modify settings related to:

  1. Password: Change or reset their account password.

  2. Multi-Factor Authentication (MFA): Enable or configure MFA settings for enhanced security.

  3. Log Monitoring: View logs and monitoring data related to their account activities.

  4. Host Monitoring: Access monitoring features related to host systems associated with their account.

Restricted Access to Other Settings:

Client Analysts do not have permissions to access most of the system settings beyond those related to password, MFA, log monitoring, and host monitoring. They cannot modify system-wide configurations or settings that impact the overall operation of the system.

Responsibilities:

The primary responsibility of the Client Analyst is to utilize the provided access rights responsibly and in alignment with organizational policies and procedures. They must ensure the confidentiality and integrity of data accessed within their organization(s).Client Analysts should promptly report any security concerns or unauthorized access attempts to designated personnel.

Conclusion:

Client Analyst privileges offer access to organization data within a specific scope and limited control over personal account settings related to security. It is crucial for Client Analysts to adhere to organizational policies and best practices to maintain data integrity and security.

Last updated