Controlling access with security permissions

We encourage you to familiarize yourself with how the security permissions in IT Glue work. 

Once you've read this topic, you might want to review our Roles and Permissions article for a description of the action levels for each user role. All users must be assigned to one predefined role.

Security permissions overview

Each organization is a private space, visible only to those users who have been granted access to it. Organization access is set on a per group/per user level by users with an Administrator or Manager role.

Each user has the potential to be granted access to an unlimited number of organizations, except users with a Lite role who can only access a maximum of five organizations.

Users can be members of one or more groups to give them permissions to access to all organizations and assets that are available to that group. Otherwise, a user can be assigned permissions individually.

Example scenarios:

Managers – You’ve hired a new manager, Julie, who needs access to most assets across all clients. In this scenario, you would add her to all or most groups and make sure she has access to all or as many organizations as possible to avoid blocking her access to key information.

Tech Team – You’ve hired a new junior technician, Craig, who will be working with a subset of your clients, mostly smaller, long-term clients. In this scenario, you would add him to one or more relevant groups and make sure he has access to the specific organizations he'll be supporting. 

Clients/Contractors – You’ve signed with a new client “Happy Frog” and you would like to give their CEO John access to their assets in IT Glue. In this scenario, you would grant John access to Happy Frog (with a Lite role) and then set stricter security on any passwords or other assets in the client container that John should not see.

Setting permissions on specific assets

Permissions to assets within an organization can be managed by end users with editing rights. One of two security levels can be applied:

  • Same permissions as the containing organization. The default option.
  • Restrict access to specific groups and users only. An elevated security level. Allows certain items to be secured beyond the default permissions inherited from the organization.

To apply stricter permissions to specific assets in IT Glue:

  1. Create a new asset, or to change permissions on an existing item, open the item and click Edit.
  2. Scroll down to the Security section.
  3. Choose the second option in this section.

    security.png

  4. Select the desired groups and users by checking the relevant boxes. Note: If a group is grayed out, that means you are not a member of that group. You currently can't add groups that you are not a member of.
  5. Click Save for the new restrictions to take effect immediately.

After you make this change, excluded users who have access to the containing organization will not be able navigate to or search out these items. However, the titles of such items will appear in activity feeds when there is activity on them.

Note that you can also apply permissions to document folders and these changes will cascade down. See Adding and removing folder security for details.

Auditing security permissions

The Global section of your account can be used to audit security permissions. From Global > Assets, you can navigate to any type of asset to see data across all organizations. If you have a lot of results to view, use the columns to filter and sort the data.

The padlock icon that indicates an item's security can be found on the far right of each list view. The padlock icon is closed if an item is secured beyond the default-level restrictions. If the padlock icon is open, the item inherits its organization-level security restrictions. You can hover over the padlock icon to see who on your team has access to that item via a tooltip.

Note that when viewing the Documents list view, the Public column allows you to see at a glance which documents are public.

You can also see who created, edited, viewed, or deleted data. For more information, see Activity logs overview and Passwords accessed and at risk report.

Was this article helpful?
6 out of 7 found this helpful