For Single Organization

For organizations without sub-organizations, Users and Roles management is straightforward. The following sections outline how admins can manage users and assign roles within a single entity.

By default, your organization is set to Single Organization mode. For organizations with sub-organizations, please refer to the For Organization with Sub-organizations section for more information.

Users

The Users tab provides a complete list of all users within the organization. Authorized users can navigate to My Organization > Users to:

  • View and manage all users within the current organization.
  • Invite new users & assigning them roles.
  • Remove users from the organization.
  • Update user roles to ensure appropriate access levels.
  • Transfer the Super Admin role to another Admin (available only to Super Admins).

User Status

  • Pending Status: Invited users will show as Pending until they accept the invitation. Once accepted, their status will change to Active.
  • Active Status: Once a user accepts the invitation, they can log into My OPSWAT Portal and access the organization.

The first Admin is added to the Organization will be automatically set as Super Admin of the Organization.

Each organization has only one Super Admin. Super Admin can:

  • Update role of other Admins
  • Remove other Admins from the Organization
  • Transfer Super Admin role to another Admin

Super Admin role is available on My OPSWAT Portal only. This role is matched with Admin role in IDaaS.

The role of user in My OPSWAT Portal is different from the role of user in My OPSWAT - Central Management Component.

Roles

The Roles feature in My OPSWAT Portal leverages Role-Based Access Control (RBAC) to manage user permissions effectively. This enhances security by ensuring users have access only to the resources necessary for their role, minimizing unnecessary access and improving permission management. Authorized users can navigate to My Organization > Roles to:

Predefined Roles

My OPSWAT Portal includes three predefined roles to cover core user management needs:

Super Admin

  • Holds the highest level of permissions, with full control over all organizational functions.
  • Each organization can have only one (1) Super Admin, automatically assigned to the first Admin added.
  • Super Admins can transfer their role exclusively to another Admin, ensuring continuity and accountability.

Admin: Holds almost all organizational permission, with a few exceptions reserved for the Super Admin.

User: Primarily a viewer role, allowing access to organizational information with limited editing and update capabilities.

Custom Roles and Permissions

Authorized users can create, modify, or delete roles with permissions tailored to their organization's needs. Roles can be assigned "None", "View Only" or "Full Access" permissions across various functional areas, referred to as Role Objects.

HOW To manage custom roles, navigate to My Organization > Roles > Add Role

Key fields for role configuration:

  • Name: Required field, unique within the organization
  • Description: A short summary describing the role’s purpose.
  • Role Objects & Permissions: Default permissions for all Role Objects are set to "None" but can be customized.

Here’s a breakdown of key Role Objects and their permissions:

  • Critical Alert Users: This role object is found on the My Organization > Critical Alert Users tab.

    • None: No access to critical alert users list.
    • View Only: View the list of email list subscribed to receive critical alerts.
    • Full Access: Add or remove email subscriptions for critical alerts.

  • Event History: This role object is found under My Organization > Event History tab

    • None: No access to event history data.
    • View Only: Access the event history and view all recorded events, but no changes can be made.

  • License Management: This role object is found on the License Management page.

    • None: The user can see License Management tab, but cannot see organization's licenses.
    • View Only: View licenses of the current organization, including functions like Active License and See Full License History.
    • Full Access: Includes View Only permissions and adds the ability to Download Active Deployment Report, Edit license notes and View Organization's MetaDefender Cloud License

  • License Management - Customer Organizations: This role object is found on the License Management > Customer Organizations tab if the Organization has linked to customer's Organization

    • None: No access to customer's licenses data.
    • View Only: View licenses of the customer's organization, including functions like Active License and See Full License History and View Organization's MetaDefender Cloud License
    • Full Access: Includes View Only permissions and adds the ability to Download Active Deployment Report.

The Edit License Notes function is not available for viewing licenses of sub-organizations from the parent organization and not available for viewing customer licenses.

  • Organization General Information: This role object is found under My Organization > General Information tab

    • None: No access to organization's general information.
    • View Only: View organization's general information.
    • Full Access: View and update the organization's general information.

  • Role Management: This role object is found under My Organization > Roles tab

    • None: No access to organization's role data.
    • View Only: View the list of roles in your organization, but cannot make any changes.
    • Full Access: View and modify roles, including adding, editing, or removing them.

  • Security Management: This role object is found under My Organization > Security Management tab

    • None: No access to security setting.
    • View Only: View the security settings, but cannot make changes.
    • Full Access: View and modify security settings

  • Support Service: This role object is found on the Support page.

    • View Only: Access most support functions, except configuring organization case access.
    • Full Access: Includes all support functions.

  • Support Service - Customer Organizations: This role object is displayed if the organization has at least one linked customer with a “Preferred Partner” relationship.

    • None: Cannot submit support cases/ Log in a ticket on behalf on assigned customers
    • Full Access: Be able to submit support cases/ Log in a ticket on behalf on assigned customers

  • User Management: This role object is found under My Organization > Users tab

    • None: No access to organization's user list.
    • View Only: View the list of users within your organization, but cannot make any changes.
    • Full Access: View and manage users, including adding, removing, or editing user details.

Information : Roles with Full Access to User Management and Role Management objects in My OPSWAT will be migrated to the other system (IDaaS) as Admin role.

Information: : The My OPSWAT Team has removed the rule that "Admins cannot remove other Admins" starting from release 2024.4.1. From this version onward, users who have Full Access permission on User Management can remove all users except the Super Admin.

Type to search, ESC to discard
Type to search, ESC to discard
Type to search, ESC to discard
Next to read:
For Organization with Sub-organizations
On This Page
For Single OrganizationUsersUser StatusRolesPredefined RolesCustom Roles and Permissions