Skip to main content
Version: 3.24

Permissions

Privileges granted in excess or not revoked at the right time make malicious action easy. Privileged users need access to privileged accounts to perform daily routines for performing maintenance on systems, updating, and troubleshooting problems. However, these users may also misuse privileges to gain unauthorized access to information and cause damage.

Print a report that proves the privileges are being conceded to authorized users is crucial to an audit. The Permissions report in senhasegura shows what the systems users can see and do to the system and stored assets. Accessing the menu Reports ➔ Permissions you will see the following reports:

Screens by user

This report shows all the modules and its screens each senhasegura system users can see and interact. This report is important to understand if the privileges of each user still in compliance with the company's access policy also if the users have the information necessary to execute its activities.

The Screens by user report will print the following information:

  • Module: is the senhasegura functional characteristic, base to perform each functionality of the system;

  • Screen: is where each function is available to edit and execute;

  • User: is the name of the user that has the permission to see or interact with functionalities of the screen;

  • User status: indicate if the permission to interact with the screen is conceded to the user;

User roles

This report shows all the roles and role groups the senhasegura system users are configured. This report is important to understand if the privileges of each user still in compliance with the company's access policy also if the users can perform actions related with its permission level in the system according to with the company and security expectations. The User roles report will print the following information:

  • User: is the name of the user that has the role and are members of the role group;

  • Group: the role group the user is a member of;

  • Role: the permission the user can perform;

info

For a better understanding about roles and group roles see the System Users chapter on the Administrator Manual.

User profiles

This report shows all the profiles the senhasegura system users are configured with. This report is important to understand if the privileges of each user still in compliance with the company's access policy also if the attribution of profiles is correct and the right users are labelled with the suitable profile according to with what the company expect. The User profiles report will print the following information:

  • Department user: is the company's department the user belongs;

  • User: is the name of the user that has the profile;

  • User status: indicate if the user is being currently enabled or not on the system;

  • Department profile: is the company's department the profile belongs;

  • Profile: is the name of the profile that is being detailed;

  • Start: is the date the profile was attributed to the user;

info

For a better understanding about profiles see the System Users chapter on the Administrator Manual.

Role permissions

This report shows all the roles and role groups registered in senhasegura and the operations each one can perform. This report is important to understand if roles and groups are configured with the correct operations to give the privileges suitable for each user. The Role permissions report will print the following information:

  • Group: that holds the role that is being detailed;

  • Role: that holds the permissions that can be performed;

  • Permission ID: is the identification code of the permission the role concede;

  • Operation: is the permission or action the role allows the user to perform;

Profile permissions

This report shows all the profiles registered in senhasegura and the operations each one can perform. This report is important to understand if profiles are configured with the correct operations to give to each user the suitable profile. The Profile permissions report will print the following information:

  • Department: is the company's department the profile belongs;

  • Profile: that holds the permissions that can be performed;

  • Permission ID: is the identification code of the permission the profile concede;

  • Operation: is the permission or action the profile allows the user to perform;

Permissions and roles history

This report shows the history of the changes made on the roles' permissions registered in senhasegura system. This report is important to know what was made on the role and by which user to understand if the permissions of role still in compliance with the company's policy also if the users are in the right groups receiving the permissions they need to execute they activities.

The Permissions and roles history report will print the following information:

  • Date/Time: is the is the day and hour the role modification was performed;

  • Type: is the kind of modification performed;

  • User: is the name of the user that has the profile;

  • Message: is what the system print after the modification;

Permissions by role

This report presents the composition of permissions that each role has. The user can identify where a certain permission is being applied, facilitating the role definition to be applied to the user.

The report presents the information grouped by:

  • ID: Permission unique ID;

  • Permission: Permission unique nickname;

  • Module: Module to which permission belongs;

  • Type: Kind of action that the user will receive into the target entity;

  • Description: Brief description of the powers that permission grants;

Change Profile

Being an administrator you can select Change profile in the option in the top right.

Using this option and depending on users group of access the profile of another user can be assumed. In general an administrator with high levels of privileges, if so registered in his profile can assume the position of another's privileges user.

The actions permitted are only of consulting and any access is logged to the real user, not the assumed one. The objective is to allow the administrator to see what another user, in another profile would see.

In this case, the permissions allowed will be the ones of the profile assumed but the register on the actions in senhasegura will be in name of the original user.

Choose another user, press Take on profile or cancel the action.

info

Note that the dashboard will still contain the loged in user information, not the assumed profile.