
Access Management

Your implementation begins with setting up users, groups and access lists - long

  • Episodes: 10
  • Duration: 37m 46s
  • Languages: EN
Episode 3

Defining an Access Matrix

The basic roles vs. access definition for any system starts here

Before you create users, groups, etc., you need a strategy. We recommend that you build a simple Access Matrix that tells you in detail which permissions you need to set up.

  • As columns, name the areas of your organization that require access to eramba; remember the two types of users: "GRC" and "Users".
  • As rows, write the modules in eramba you think they will need access to.
  • Then, in the cells, write what access they need and, in brackets, which groups in eramba will provide that access. If you don't have a group in eramba that gives that access, create one and adjust its permissions.
 

| Module | IT | Finance | GRC |
|---|---|---|---|
| Policy | Read (View Policies), Feedback (Comments & Attachments) | No | All (All But Settings) |
| Risks | Read (View Risks), Feedback (Comments & Attachments) | Read (View Risks), Feedback (Comments & Attachments) | All (All But Settings) |
| Controls | Read (View Controls), Feedback (Comments & Attachments) | No | All (All But Settings) |
| Compliance | No | Read (View Compliance), Feedback (Comments & Attachments) | All (All But Settings) |

Now you know that if the user Esteban Ribicic, who works in Finance, needs access to eramba, you will need to assign him the following groups in eramba:

  • Finance (where he works)
  • View Risks (permissions he needs)
  • View Compliance (permissions he needs)
  • Comments & Attachments (permissions he needs)
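
The lookup above, as an added Python example (not part of the eramba guide or product): it parses the matrix cells, derives the groups for a department, and reviews a user's assigned groups against the matrix. The function names and the constructed `assigned` list are assumptions made for illustration.

```python
import re

# Access matrix from the page: rows are eramba modules, columns are departments.
# Cell notation: "Access (group that grants it)", comma separated; "No" = no access.
FEEDBACK = "Feedback (Comments & Attachments)"
MATRIX = {
    "Policy": {"IT": "Read (View Policies), " + FEEDBACK, "Finance": "No",
               "GRC": "All (All But Settings)"},
    "Risks": {"IT": "Read (View Risks), " + FEEDBACK,
              "Finance": "Read (View Risks), " + FEEDBACK,
              "GRC": "All (All But Settings)"},
    "Controls": {"IT": "Read (View Controls), " + FEEDBACK, "Finance": "No",
                 "GRC": "All (All But Settings)"},
    "Compliance": {"IT": "No", "Finance": "Read (View Compliance), " + FEEDBACK,
                   "GRC": "All (All But Settings)"},
}

def parse_cell(cell):
    """Return [(access, group or None), ...] for one matrix cell."""
    if cell.strip().lower() == "no":
        return []
    grants = []
    for part in filter(str.strip, cell.split(",")):
        m = re.fullmatch(r"\s*(.+?)\s*(?:\((.+)\))?\s*", part)
        grants.append((m.group(1), m.group(2)))
    return grants

def groups_for(department, matrix=MATRIX):
    """Department group plus every permission group in that column.
    Also returns (module, access) pairs that name no group yet."""
    groups, unnamed = {department}, []
    for module, row in matrix.items():
        for access, group in parse_cell(row.get(department, "No")):
            if group:
                groups.add(group)
            else:
                unnamed.append((module, access))  # a group must be created first
    return groups, unnamed

def review(department, assigned, matrix=MATRIX):
    """Compare assigned groups with the matrix: (missing, excess)."""
    expected, _ = groups_for(department, matrix)
    assigned = set(assigned)
    return sorted(expected - assigned), sorted(assigned - expected)

if __name__ == "__main__":
    print(sorted(groups_for("Finance")[0]))
    # Constructed sample: a Finance user holding a group the matrix does not grant.
    print(review("Finance", ["Finance", "View Risks", "All But Settings"]))
```

Any group reported as excess is access the matrix never granted to that department, which makes the same function usable for periodic access reviews.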

Do not continue this guide until you have made your access matrix; we will use it to create groups, permissions, etc.