We encourage you to familiarize yourself with how the security permissions in IT Glue work.
Each organization is a private space, visible only to those users who have been granted access to it. Organization access is set on a per-group or per-user basis. Each user has the potential to be granted access to an unlimited number of organizations, except users with a Lite role who can only access a maximum of five organizations.
IT Glue is designed with sharing in mind and therefore, by default, all new assets are viewable by all other users with access to the same organization. Within each asset, there is a set of permissions that can be used to set varying degrees of access to that asset for specific users and groups.
- Groups are used to manage groups of users that can be assigned various access permissions.
- Roles are intended to specify the actions permitted for each user role. All users must be assigned to one predefined role.
Tip! With groups, you don’t need to set access permissions for each new person that joins your team. When you’re setting up a new user, just assign them to the relevant groups, and they’ll have the same permissions as all staff at their level.
Managers – You’ve hired a new manager, Julie, who needs access to most assets across all clients. In this scenario, you would add her to all or most groups and make sure she has access to all or as many organizations as possible to avoid blocking her access to key information.
Tech Team – You’ve hired a new junior technician, Craig, who will be working with a subset of your clients, mostly smaller, long-term clients. In this scenario, you would add him to one or more relevant groups and make sure he has access to the specific organizations he'll be supporting.
Clients/Contractors – You’ve signed with a new client “Happy Frog” and you would like to give their CEO John access to their assets in IT Glue. In this scenario, you would grant John access to Happy Frog (with a Lite role) and then set stricter security on any passwords or other assets in the client container that John should not see.
Setting permissions for assets
Permissions to assets within an organization can be managed by end users with editing rights and access to the containing organization. One of two security levels can be applied:
- Same permissions as the containing organization. This is the default option.
- Restrict access to specific groups and users only. This is an elevated security level.
To set asset permissions:
- Open the asset you want to set permissions on and click Edit.
- Scroll down to the Security section.
- Choose the second option in this section.
- Select the desired groups and users by checking the relevant boxes.
- If a group is grayed out, that means you are not a member of that group. You currently can't add groups that you are not a member of.
- In addition, only users with access to the organization can be chosen under Users. Administrators have access to all data and therefore will be grayed out.
- Click Save for the new restrictions to take effect immediately.
After you make this change, excluded users who have access to the containing organization will not be able navigate to or search out these items. However, the titles of such items will appear in activity feeds when there is activity on them.
Auditing security permissions
The Global section of your account can be used to audit security permissions. From Global > Assets, you can navigate to any type of asset to see data across all organizations.
The padlock icon (far right of each list view) indicates an item's security. The padlock is closed if an item is secured beyond the default-level restrictions. If it is open, the item inherits its organization-level security restrictions. You can hover over the padlock to see who on your team has access to that item.
Note that when viewing the Documents list view, the Public column allows you to see at a glance which documents are public.
In addition, from time to time, something happens that requires you to answer the ”who did it?” question. There are a few different ways you might look for the answer depending on the nature of the change:
- Activity logs - See who created, edited, viewed, or deleted data.
- Passwords accessed reporting - Run a report that lists all passwords that have been accessed by a specific user.
- Revision history - View the revision history of an asset to see who has made changes and, if necessary, go into the version history to revert the changes.
We often advise partners to consider segmenting their documents to make it easier to manage their document permissions. For example, you can create an organization specifically for certain documents, rather than having them scattered in a larger library and protected by unique permissions. For more on this, see Understanding document permissions.