In the context of software access, the terms “roles” and “permissions” refer to a framework that defines each user and determines who has access to which digital resources. Roles and permissions also determine what actions a user can perform on those resources. For example, some users will have “read only” permissions while others will have editing or other permissions, depending on their role. Let’s take a closer look at both terms and how they shape activity around digital assets.
Roles and permissions enable administrators to establish an access hierarchy among users. Here’s how it works:
When it comes to managing and accessing digital assets, common roles include “admin”, “editor”, “moderator” and “viewer”. Each of these roles is then assigned a set of permissions. For example, the admin will typically have complete access to data and system features and be able to change system settings. An editor, by contrast, may be able to edit specific documents but cannot make any system-wide changes.
Once roles have been established, permissions are assigned that specify which actions are associated with a given role. Typical permissions include reading, editing, creating or deleting data. Other permissions include the ability to manage users and configure settings. In most cases, permissions are tied to specific digital resources such as folders, files, database records and so on.
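The role-to-permission-to-resource mapping described above, as an added example that is not part of the original article and is not Cerbos code. The role names (admin, editor, moderator, viewer), the actions and the resource paths such as `docs/*` and `comments/*` are constructed for illustration; the point it demonstrates is that a permission names both an action and the resources it applies to, and that any request not explicitly covered by one of the user's roles is denied.

```python
from dataclasses import dataclass
from fnmatch import fnmatchcase


@dataclass(frozen=True)
class Permission:
    """One grant: an action on a set of resources (glob over resource paths)."""
    action: str    # "read", "edit", "create", "delete", "manage_users", ... or "*"
    resource: str  # "docs/*", "comments/*", "system/settings", or "*"

    def covers(self, action: str, resource: str) -> bool:
        return self.action in ("*", action) and fnmatchcase(resource, self.resource)


# Role definitions (constructed for this example). Each role is a set of
# permissions; nothing outside that set is ever granted.
ROLES: dict[str, frozenset[Permission]] = {
    # Full access to all data and all system features, including settings.
    "admin": frozenset({Permission("*", "*")}),
    # May read, edit and create documents, but cannot delete them or touch
    # users or settings.
    "editor": frozenset({
        Permission("read", "docs/*"),
        Permission("edit", "docs/*"),
        Permission("create", "docs/*"),
    }),
    # May read and remove comments, and nothing else.
    "moderator": frozenset({
        Permission("read", "comments/*"),
        Permission("delete", "comments/*"),
    }),
    # Read-only access to documents and comments.
    "viewer": frozenset({
        Permission("read", "docs/*"),
        Permission("read", "comments/*"),
    }),
}


@dataclass(frozen=True)
class User:
    name: str
    roles: frozenset[str] = frozenset()


@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str  # which role and permission granted access, or why it was denied


def decide(user: User, action: str, resource: str) -> Decision:
    """Deny by default: allow only if some role held by the user carries a
    permission covering this action on this resource. The reason string is
    meant for the audit log, so denials are visible to whoever reviews it."""
    for role in sorted(user.roles):
        perms = ROLES.get(role)
        if perms is None:
            # A role name that no longer exists grants nothing; it should be
            # cleaned up rather than treated as a wildcard.
            continue
        for perm in perms:
            if perm.covers(action, resource):
                return Decision(True, f"{role}: {perm.action} on {perm.resource}")
    return Decision(False, f"no role of {user.name} grants {action} on {resource}")


def is_allowed(user: User, action: str, resource: str) -> bool:
    return decide(user, action, resource).allowed


if __name__ == "__main__":
    # Constructed sample users and requests.
    requests = [
        (User("alice", frozenset({"admin"})), "configure_settings", "system/settings"),
        (User("bob", frozenset({"editor"})), "edit", "docs/quarterly-report"),
        (User("bob", frozenset({"editor"})), "delete", "docs/quarterly-report"),
        (User("carol", frozenset({"viewer"})), "edit", "docs/quarterly-report"),
        (User("dave", frozenset({"moderator"})), "delete", "comments/42"),
        (User("eve", frozenset({"superuser"})), "read", "docs/quarterly-report"),
    ]
    for user, action, resource in requests:
        d = decide(user, action, resource)
        print(f"{user.name:6} {action:18} {resource:24} -> {'ALLOW' if d.allowed else 'DENY '}  ({d.reason})")
```

Two design choices matter here: the check is deny-by-default, so a user with no roles, or with a role name that is not defined, gets nothing; and every decision carries a reason, so denied requests can be logged and reviewed rather than failing silently.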
By creating roles and then assigning role-specific permissions, the system prevents unauthorized and unqualified individuals from wreaking havoc with important company data, or from violating SOC 2 and ISO 27001 requirements for the handling of that data.
There are several advantages to implementing the roles and permission model, including: