Control access with security permissions

We encourage you to familiarize yourself with how the security permissions work.

Managing permissions

In IT Glue, there are several different types of permissions that are managed separately but work together to provide the proper security permissions.

  • Organizations: Permissions are managed at the user or group level.
  • Assets: Permissions are managed at the asset-level. 
  • Asset Types: Permissions are managed at the group level.
  • Users: Permissions to be able to perform a set of actions are managed through user roles.

What makes up a user's permissions

User permissions are the total permissions from various permissions.

When IT Glue determines a user's permissions, it considers the following top-level permissions:

Organizations Organizations are secure containers for all of a business's assets. Each organization is private, visible only to those users who have been explicitly granted access to it.
Groups Groups are used to manage groups of users for easy administration of organization and asset security permissions, and also to restrict access to asset types. Individual users who are members of a group will inherit the group's permissions.
Roles Roles are used to define how logged-in users can interact with the data in your account. Each user is assigned a pre-defined user role that gives them permission to perform a set of actions.

The Account tab is where all of the top-level permissions are set. You can't see the Account tab unless you have a Manager or Administrator role.

Keep in mind that Managers may have only limited access to some Account features. For example, they can only manage groups that they themselves are a member of. Administrators, on the other hand, have free rein of all Account settings.

Permissions for assets

For every asset created in IT Glue, there is a set of permissions that allows access to that asset. Anyone with a Creator or above role can edit an asset's permissions. For more on asset-level permissions, see Editing an asset's permissions.

Viewing asset permissions 

You can see the resulting permissions for any asset when you view it in list view. From Global > Assets, you can navigate to any type of asset to see permissions across all organizations. This gives you the ability to conduct audits of asset permissions.

Hover over the padlock icon to see who can access that asset. When the padlock is open, the permissions associated with that asset are the same as the organization’s. When the padlock is closed, there have been changes to a person’s or group’s access to that password.

itglue-passwords-list-view.png

Related documentation 

From time to time, something happens that requires you to answer the "who did it?" question. There are a few different ways you might look for the answer depending on the nature of the change:

  • Activity Logs - See who created, edited, viewed, or deleted data.
  • Passwords accessed reporting - Run a report that lists all passwords that have been accessed by a specific user.
  • Revision history - View the revision history of an asset to see who has made changes and, if necessary, go into the revision history to revert the changes.