SecurePortal 2.8 - Role Based Access Control

Release Notes

• Enhance User Control: Configure permissions to specific fields
• Efficient Permissions Management: Bulk change access levels
• Custom Role Creation: Duplicate roles for tailored user needs
• Group Customisation: Create and assign users to custom groups
• Streamlined Assessment Sharing: Share assessments with specific groups or users
• Individualised Access: Limit visibility without compromising user experience
• Enhanced User Management: Resend welcome emails, adjust MFA, and re-enable disabled accounts for full control.

Over the past few months, our development team at SecurePortal has diligently worked on a major upgrade to our access control system. In this significant update, we have revolutionised how organisations can manage and restrict access within the portal. By empowering organisations with permissions to regulate and customise visibility for specific groups, we offer the flexibility to create new groups, duplicate existing ones for customisations, and seamlessly assign users to these tailored groups. Our latest release also introduces the feature of sharing assessments with individuals and groups, emphasising the critical importance of data segregation.

With this enhancement, companies can selectively share particular assessments, ensuring that users only have access to designated information, ideal for managing multiple assessments across various departments efficiently. Additionally, based on valuable feedback regarding user management, we have incorporated a user-friendly functionality within Role Based Access Control. Administrators now have the capability to streamline user management by easily removing users' MFA and re-enabling accounts post-lockouts, enhancing overall operational efficiency and security practices.

‍Access Control List

The newly introduced Access Control List in SecurePortal enables organisations to meticulously manage what each group can access within the portal. This feature allows for precise control, with the ability to set 'yes/no' access to specific attributes, ensuring appropriate visibility and interaction levels for each element. For streamlined efficiency, administrators can also perform bulk changes across entire sections using a dropdown menu with options for No, View, Edit, and Full access. This significantly expedites the process when a broad permission overhaul is needed. Furthermore, group permissions can be swiftly modified with a single click, such as setting a group to have view-only access, providing unparalleled ease and flexibility in maintaining security standards.
‍

Duplicate Permissions

We’ve simplified the process for organisations to quickly duplicate pre-created groups along with all their defined permissions. This enhancement significantly accelerates the creation of new groups tailored for specific user roles. As a standard feature, SecurePortal provides default groups maintained by Pentest People, which you can readily utilise. For instance, if you wish to duplicate the 'standardUser' group, you can easily modify its permissions to add or remove access as needed. This functionality allows for swift role assignment while ensuring the flexibility to fine-tune permissions according to job requirements, enhancing productivity and maintaining security standards.

Groups

In this release, we are excited to introduce a new feature in SecurePortal: Groups. Groups are designed to streamline permission management by bundling users into predefined or custom-created permission sets. For instance, the 'StandardUser' is a default Group available out of the box, but you also have the flexibility to create custom groups tailored to your business needs. An example of a custom group could be 'Developers', where permissions are adjusted so members can only access assessments specifically shared with them. This ensures that portal security adheres to the principle of least privilege.

Users can belong to multiple groups, and in such cases, they will inherit the highest level of permissions from each group. For example, if Group1 has access to assessments while Group2 does not, the permissions from Group1 will take precedence, ensuring users have the necessary access without compromising security.

Additionally, if a user is removed from all assigned groups, they will automatically be placed into the 'StandardUsers' Group by default. This mechanism ensures that users always retain baseline access to the portal, preventing accidental lockouts.

This innovative approach to group management not only enhances security but also offers unparalleled flexibility and simplicity in managing user permissions within SecurePortal.

Users

In our latest release, we have significantly simplified the process of managing users by updating permissions to provide Account Administrators with essential tools for maintaining seamless access. One of the key enhancements is the ability for Account Administrators to reset users' Multi-Factor Authentication (MFA) codes. This feature is particularly useful if a user gets locked out, ensuring that they can swiftly regain access without prolonged downtime.

Additionally, administrators now have the capability to re-enable accounts that have been disabled due to inactivity. This change addresses the common issue of dormant accounts, allowing users to resume their work promptly without requiring complex interventions. These enhancements not only improve operational efficiency but also reinforce security measures by ensuring that account recovery processes are both swift and secure.

By empowering Account Administrators with these new functionalities, SecurePortal continues to deliver innovative solutions that enhance user management while maintaining robust security standards.

Share Assessments

The latest release brings forth a groundbreaking feature: the ability to share assessments with precision among individuals and groups. This addition underscores the paramount importance of data segregation, allowing companies to selectively distribute specific assessments. This functionality ensures that users access only pertinent information, streamlining the management of numerous assessments across diverse departments effectively.

Conclusion

With this major update to SecurePortal’s access control system, we’ve empowered organisations with a new level of flexibility, security, and efficiency in managing user access. From the introduction of custom groups and dynamic permissions to seamless assessment sharing and enhanced user management, SecurePortal now offers a more streamlined approach to maintaining security without compromising on ease of use. These features not only simplify how teams handle sensitive data but also ensure that permissions are tailored, secure, and adaptable to evolving business needs. As we continue to evolve, we remain committed to delivering solutions that keep your organisation secure, efficient, and always prepared for what’s next.

‍