Role-Based Access Controls in Aware
by Aware HQ
Role-Based Access Control (RBAC) is an enterprise collaboration requirement to protect data, maintain compliance, and improve productivity. It establishes who can make changes, examine data sources, research users and more inside the Aware Monitoring and Search & Discover applications.
For example, you don’t want just anyone to have access to all the sensitive data in your collaboration platforms. You reserve that role for a select few super admins, while other administrators may have restrictions on which types of data they can access.
The introduction of RBAC allows organizations to implement the Aware platform with their unique data sensitivity and restrictions in mind, while increasingly serving stakeholders across the organization.
What the Roles Control
RBAC includes settings that enable granular access to specific datasets by:
- Roles: Assigning roles to users is the foundation of role-based access controls. A role is a defined parameter where unique permissions and access to specific datasets can be granted to a user or group of users.
- Permissions: Permissions are a defined set of rules that indicate the capabilities available to a role. For example, an admin can add permissions to a specific capability within the Aware Search & Discover application, such as the ability to export data outside the platform.
- Data Access Sets: Data access sets limit or grant data visibility to a group of users or a platform. They are essentially a sharable access key across Aware. One data access set can be supplied to various roles within the Aware platform.
- Users: A user is an individual or group of individuals that can be assigned to specific roles with varying permissions and data access set visibility in the Aware platform.
In short, roles are assigned to users with customizable permissions and data access sets to keep data and the enterprise secure.
How Is This Valuable?
There are various ways to leverage role-based access controls to secure enterprise organizations. Some common examples are as follows:
Adhere to compliance requirements
Some organizations have regional requirements for data visibility and access. Aware’s controls provide the oversight and insight to satisfy those compliance needs. RBAC also helps organizations meet security and compliance requirements, such as HIPAA, SOX, SOC 2, and ISO 27001.
Lock down or monitor special projects
The Aware Monitoring and Search & Discover applications create specific roles with limited data access for project teams. For example, if a project requires monitoring confidential datasets, it can limit data and policy alerts to only those relevant to the project. Access to data can also be set for a limited duration and removed as needed when adding or scoping projects.
Expand usage across various departments
The Aware platform brings collaboration data visibility and governance capabilities to various stakeholders across the organization. Multiple departments will frequently use the same Aware applications for very different requirements. The HR department may not want the cybersecurity team to see the personnel-related policies it tracks, and vice versa. Role-based access control ensures that admins can leverage the Aware platform across departments without sacrificing data sensitivity or privacy when working with sensitive information.
Ensure operational efficiency
A role-based access control strategy ensures the right employees have the right level of data accessibility to perform their jobs. This helps streamline processes when employees are hired, change roles, or need to grant limited access to third parties in their day-to-day work environment.
Limit data tracking
Some organizations only want to track specific data types. For example, if an enterprise wanted to exclude DMs (direct messages) from its data management policy, it could do this. Some enterprises choose to do this to protect the privacy of employees.
Reduce the impact of a data breach
In the event of a security incident, adhering to the principle of least privilege (POLP), with the help of an RBAC strategy, helps limit the damage from the loss of the organization's sensitive data.