Access control

Copiar la URL del artículo actual Compartir por correo electrónico

Este artículo (PDF) Documentación completa (PDF)

Role-Based Access Control (RBAC) is a model for authorizing or restricting access to systems, applications, and data based on user roles, while also helping streamline administrative efficiency. This access control can be implemented to provide secure, flexible, fine-grained, and scalable access management for resources in complex enterprise scenarios.

Compatibility

ESET Cloud Office Security Access Control is compatible with ESET PROTECT Hub account model and supports both direct user and group-based role assignments.

Advantages

You can think of the ESET Cloud Office Security Access control as an advanced extension to the existing ESET PROTECT Hub user management and permissions.

Normally, the access permissions to ESET Cloud Office Security are managed from within ESET PROTECT Hub. When Superuser enables Access control (RBAC) in ESET Cloud Office Security, you will get the advantage of granular control as an addition to the standard ESET PROTECT Hub Permissions | User access rights to sites or companies. Granular control, such as allowing certain actions only for specific groups.

Only a Superuser can enable Access control (RBAC) and manage it, initially. The Superuser may delegate the management role by granting Write permission for the Access control setting (Permissions > Settings > Access control) to a specific user. The delegated user gains management ability but cannot disable role-based access control, a function reserved for the Superuser.

If Access control (RBAC) is disabled, the access is managed by ESET PROTECT Hub.

To learn more about user management models and how ESET PROTECT Hub handles access control, review the hierarchy roles, users, and companies in ESET PROTECT Hub.

Getting started

To start using ESET Cloud Office Security Access Control:

Create Roles—Add new roles according to your requirements by specifying the following parameters:

•Select Targets—Include all tenants, or manually select which tenants and groups are included.

•Specify Assignments—Select Portal Accounts to which the role is applicable to.

•Define Permissions—Create a permission set by going through the categories and setting which actions (Read/Write/Use) are allowed.

For step-by-step guide, see Create New Role.

Roles

The Access control feature is based on roles. A role contains a definition of targets and assignments, along with a set of specific permissions required for that role. Assigning a role to an account grants the user all the necessary permissions to execute the tasks or perform an action associated with that role.

Targets

A role is used on targets—either all tenants or manually selecting specific tenants or groups that are included as targets to which the role is applicable to.

Assignment

A role is then assigned to users—portal accounts. Users can have one or more roles assigned, granting them specific permissions associated with those roles. You can have multiple roles assigned to a single user account. In case of multiple roles, Access Control (RBAC) uses an additive approach— if one role enables (allows for) something, this cannot be disabled by another rule.

Effective Permissions

How the effective permission of the acting account for each individual target user of the tenant is calculated:

Company in ESET PROTECT Hub	Tenant/Group (Access Control)	Effective permission
Write	Write	Write
Write	Read	Read
Write	None	None
Read	Write	Read
Read	Read	Read
Read	None	None
None	Any	None