
Access Management

The beginning of your implementation begins by setting up users, groups and access lists - long

  • Episodes: 10
  • Duration: 37m 46s
  • Languages: EN
Episode 4

Creating Groups and Adjusting Permissions

How groups and their permissions are defined and tested

Once your matrix is completed, it is time to:

  • Create organizational groups (IT, Finance, GRC, etc.)
  • Create a dummy account that will be used to test permissions
  • Create access groups (those used to limit where users can click)

Creating Organizational Groups

Go to "System" > "Settings" > "Groups" and click on "Actions" > "Add". For each "Organizational" group you have defined in your matrix (IT, Finance, etc.), complete and save the form. Remember, these groups on their own won't let users access anything: by default, a new group has every permission denied.

Creating Dummy Local Account

You will need to test your permissions, and for that you need a dummy user account: you test your groups by logging into eramba as this account and checking that its permissions are correct. Go to "System" > "Settings" > "User Management", then click "Actions" > "Add". The form to create users is pretty simple, but keep an eye on the following fields.

Email

Each user account in eramba needs a unique email. Without it, eramba cannot send notifications or, for accounts using local authentication, send password recovery emails.

Local Account

Switch this toggle on, as you want this account to authenticate using eramba's own password management. Accounts that authenticate outside eramba (LDAP, SAML) must have this toggle off.

Portals

Select only "Main", as the other two portals in the dropdown are not affected by "Access Groups". Those two portals (Online Assessments and Account Reviews) have their own built-in permissions, which cannot be changed. So if you are planning on creating users that will only use these portals, you can assign them a single group without permissions, for example a group called "No Permissions" (you need to create it; remember that by default it will have no permissions).

Groups

Here is where you will select the groups you want to test. Imagine "Dummy" works for IT. Then you need to assign to this account all the groups listed under the "IT" column of your Access Matrix. You will repeat this step for every column.

Status

Leave this set to "Active" until you have completed all your testing; then set it to "Inactive" so the account can no longer authenticate.

REST APIs

Unless you are testing REST APIs, this toggle can remain off.

Creating and Adjusting Access Groups

Now look at every column on your matrix, and for every row decide whether:

  • You can use an existing eramba group (in most cases you can)
  • You need to create your own group and assign it specific permissions

Eramba has read-only groups for the most popular modules (Internal Controls, Policies, Risk, etc.) that, combined with the group "Comments & Attachments", let users across your organization receive notifications and provide you with feedback. This means that, following the example matrix we built before, any user in the IT department should be assigned:

  • IT Group (created above)
  • System Group - View Policies and Reviews
  • System Group - View All Types of Risks and their Reviews
  • System Group - View Internal Controls and Audits, Maintenance and Issues
  • Comments and Attachments

As you can see, you should be able to leverage eramba's default groups in most cases. If you need to create a group for a specific set of permissions, create the group as done before and then go to "System" > "Settings" > "Authorization". Select the group you just created, and then select the module you want to allow access to.


All actions for that module will then be displayed, and you can choose which ones to enable (remember, if the group is new, they will all be disabled by default).

Repeat this process for every module until the group is configured as you wish. Since at this stage you might not yet know what eramba does, it might be difficult to tell which permissions to grant. Always grant the least amount of permissions and add more only when the need arises (once you start using the system).

Testing Permissions

After you have created (or reused the default groups that come with eramba) the groups you need for every column, you need to test that these groups do what you want. Go back to User Management, edit the dummy account and assign the groups for the column you are working on. Save and log out. Then log in with the dummy account's credentials and check that you have the right permissions.

Because of "Visualisations", the dummy account might not see any data (as nothing is attached to it). You might want to create an item in the module you are testing and assign it to the dummy account, so you can double-check permissions against actual data.

Repeat this process for every column on your Access Matrix.
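The testing loop above (assign a column's groups, log in as the dummy account, compare what it can do with what the matrix says it should do) can be made systematic. The following is an added example written for this page, not code from eramba. It models eramba's default-deny groups, the IT column from the example matrix plus a constructed Finance column, and a check that reports both missing access (a group is absent from the column) and extra access (a least-privilege violation). The `(module, action)` keys such as `("policies", "view")` are constructed placeholders and are not eramba's real authorization identifiers.

```python
"""Default-deny group model for testing an eramba-style Access Matrix.

Added illustration, not eramba code. Group names follow the page; the
(module, action) permission keys are constructed placeholders and are not
eramba's real authorization identifiers.
"""
from __future__ import annotations

# A permission is a (module, action) pair, e.g. ("policies", "view").
Permission = tuple[str, str]


def read_only(*modules: str) -> frozenset[Permission]:
    """Constructed helper: the list/view actions for each module, nothing else."""
    return frozenset((m, a) for m in modules for a in ("index", "view"))


# Every group starts with nothing allowed, as a new group in eramba does.
# Organizational groups (IT, Finance, "No Permissions") tag users but grant
# no access; the system groups carry read-only rights; "Comments and
# Attachments" adds the write actions needed to leave feedback.
GROUPS: dict[str, frozenset[Permission]] = {
    "IT": frozenset(),
    "Finance": frozenset(),
    "No Permissions": frozenset(),
    "View Policies and Reviews": read_only("policies", "policy_reviews"),
    "View All Types of Risks and their Reviews": read_only("risks", "risk_reviews"),
    "View Internal Controls and Audits, Maintenance and Issues": read_only(
        "internal_controls", "audits", "maintenances", "issues"
    ),
    "Comments and Attachments": frozenset({("comments", "add"), ("attachments", "add")}),
}

# One column per organizational unit: the groups every user in it must hold.
# The IT column mirrors the page's example; Finance is a constructed column.
ACCESS_MATRIX: dict[str, list[str]] = {
    "IT": [
        "IT",
        "View Policies and Reviews",
        "View All Types of Risks and their Reviews",
        "View Internal Controls and Audits, Maintenance and Issues",
        "Comments and Attachments",
    ],
    "Finance": ["Finance", "View Policies and Reviews", "Comments and Attachments"],
}


def effective_permissions(groups: list[str]) -> frozenset[Permission]:
    """Union of the permissions of every assigned group (unknown group = KeyError)."""
    result: set[Permission] = set()
    for name in groups:
        result |= GROUPS[name]
    return frozenset(result)


def is_allowed(groups: list[str], module: str, action: str) -> bool:
    """Default deny: allowed only if some assigned group grants the action."""
    return (module, action) in effective_permissions(groups)


def expected_for_column(column: str) -> frozenset[Permission]:
    """What the dummy account should be able to do once assigned a column."""
    return effective_permissions(ACCESS_MATRIX[column])


def check_column(
    column: str, observed: set[Permission]
) -> tuple[set[Permission], set[Permission]]:
    """Compare what the dummy account could actually do (recorded while logged
    in) against the matrix. Returns (missing, extra): missing actions mean the
    column lacks a group; extra actions violate least privilege."""
    expected = expected_for_column(column)
    return set(expected - observed), set(observed - expected)


if __name__ == "__main__":
    # Constructed observation: logged in as the dummy account holding the
    # Finance column, the tester could list and view policies and view risks.
    observed = {("policies", "index"), ("policies", "view"), ("risks", "view")}
    missing, extra = check_column("Finance", observed)
    print("missing:", sorted(missing))
    print("extra (least-privilege violation):", sorted(extra))
```

Record what the dummy account can actually do as a set of `(module, action)` pairs while logged in, then feed it to `check_column` for that column; a non-empty `extra` set means a group in the column grants more than the matrix intended and should be trimmed before real users are assigned.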

Deactivate Dummy Account

Once the testing has been completed, edit the dummy account and set its "Status" to "Inactive".