Roles

My OPSWAT Portal provides this feature for user in an Organization that restricts system access based on roles assigned to users. It allows administrators to assign specific permissions to users based on their role within the organization, ensuring that individuals only have access to the resources necessary for their role. This enhances security by limiting unnecessary access and improving permission management.

  • Roles include three predefined types: Super Admin, Admin, and User.
    • The Super Admin role holds the highest permission level within the organization. Users with this role can manage all aspects of the organization, and no other user can take action on a Super Admin. Each organization can have only one Super Admin, and the first Admin added to the organization will automatically be nominated for this role. The Super Admin can transfer their role only to another use with predefined Admin role, not to any other roles.
    • The Admin role holds most of the permissions within the organization. Admins can manage nearly all aspects of the organization, except for a few specific functions.
    • The User role can view all information within the organization but has limited permissions for editing and updating this information.
  • Authorized users with the appropriate permissions can add/Change/Delete/View Detail roles, assign specific permissions to those roles, and then set them for users: Access to My Organization > Roles to be offered these function
    • Name: This field is required and unique on each organization
    • Description: Short description for the role
    • Role Objects and its permisison: default is None permission for all Role Objects.
      • Support Service: This role object is found on the Support Service page. Users assigned "View Only" permission can access all functions on the Support page, except for "Configure Organization Case Access," which requires "Full Access" permission.
      • License Management: This role object is found on the My License page. Users with "View Only" permission can view all licenses of the current organization and access various functions, including "Active License" and "See full License History". However, they cannot download the "Active Deployment Report" or "Edit license notes" or "View Organization's MetaDefender Cloud License", these functions requires "Full Access" permission.
      • Sub Organization - License Management: My OPSWAT Portal provides a setting at the parent organization level, managed by OPSWAT Admin, which allows authorized users to view and manage the licenses of sub-organizations. When this setting is enabled, this role object is displayed in the role detail and can be found on the My License page. Users with "View Only" permission can view all licenses of the sub-organizations and access various functions, including "Active License" and "See Full License History." However, they cannot download the "Active Deployment Report" or "View Organization's MetaDefender Cloud License," as these functions require "Full Access" permission. Additionally, the "Edit License Notes" function is not available for viewing licenses of sub-organizations from the parent organization.
      • Critical Alert Users: This role object is found on the My Organization > Critical Alert Users tab. Users with "View Only" permission can view the list of emails subscribed on critical Alert function. They cannot change data of this tab that requires Full Access permission.
      • Security Management: This role object is found under My Organization > Security Management tab. Users with "View Only" permission can view the settings but cannot change them, as modifications require "Full Access" permission.
      • Role Management: This role object is found under My Organization > Roles tab. Users with "View Only" permission can view Role list but cannot change them, as modifications require "Full Access" permission.
      • User Management: This role object is found under My Organization > Users tab. Users with "View Only" permission can view user list but cannot change them, as modifications require "Full Access" permission.
      • Event History: This role object is found under My Organization > Event History tab. This tab is available with only "View Only" and "None" permissions, as it does not include any functions that change data.
      • Organization General Information: This role object is found under My Organization > General Information tab. Users need "View Only" permission to view data in this tab, but "Full Access" permission is required to update any information.

Information : Roles with Full Access to User Management and Role Management objects in My OPSWAT will be migrated to the other system (IDaaS) as Admin role.

Information: : The My OPSWAT Team has removed the rule that "Admins cannot remove other Admins" starting from release 2024.4.1. From this version onward, users who have Full Access permission on User Management can remove all users except the Super Admin.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
Security
On This Page
Roles