The below information outlines the roles that can be assigned to users in SecurEnds:
Access
- This gives basic access to SecurEnds, the same as when you do not define a role
- The purpose of this role is to allow a user to login and test their access ahead of a review
- This access is not required for a manager performing a review, unless you wanted to let them have early access to SecurEnds
Admin
- Full access to manage Campaigns, Applications, Audit, and Users
- This access gives full access to every-part of SecurEnds
- As a best practice, it is recommended to have at least two individuals assigned as admins that will be owning the SecurEnds application
Application Manager
- This level gives access to manage applications within SecurEnds
- Allows the user to edit and update applications as needed Ex. If a connector needs to be adjusted or a new CSV needs to be uploaded.
- This role is ideal for an Application Owner who will be in charge of maintaining SecurEnds connectors or uploading an application CSV but does not need access to other parts of the tool such as setting up campaigns, editing users, or viewing audit reports
Audit
- This role gives full access to the Audit tabs within SecurEnds
- Allows the user to view reports and the status of Campaigns
- This role is ideal for an Auditor user who just needs the end results of a User Access Review, but none of the configuration or set up
Identity Analytics
- This role gives full access to the Identity Analytics menus within SecurEnds
- Allows the user to view the identity, Application, and Entitlement mindmaps for all users, applications, and entitlements within the instance.