Why are we introducing this role?
As WithSecure Elements evolves, we will be adding new roles for specific purposes. For example, a company may want to grant access to certain parts of Elements only to specific users. This is known as Role-Based Access Control, or RBAC.
To make it easier to manage these roles and to grant users permission to use them, we are introducing a new role in WithSecure Elements Security Center. This role will be the gatekeeper of all user management and role assignments in the future.
More changes related to RBAC will follow, and these will be announced separately.
The role in more detail
Users with the new Identity and Access Management (IAM) role will be able to grant and revoke all Elements role permissions for other Administrators within the IAM administrator’s own organization, as well as in child organizations. In effect, this means an IAM administrator at partner level can also grant authorization for their own customer’s users.
By adding this role to organizations, we can simplify and streamline the actions needed when we introduce other roles in the future.
Eventually, user creation and modification permissions will be removed from other roles within Elements, with only users with the IAM role able to create and modify users. This will lead to increased security for the organizations, as only trusted admins will be able to grant access.
Availability of the role
Starting immediately, we will grant the IAM role during company self-registration, where this is allowed. This means that for most new companies, one of the very first things they will do after receiving their subscription information is to create a user with the IAM role. This will be in addition to other subscription-specific role assignments, such as Security Administrator for Endpoint Security.
To find out more about privileges, please see the user guide.
Later on, we will enable reminders within the Elements Security Center, to prompt users that the IAM role can be claimed. These changes will be announced separately.
In Summary
- The Elements IAM role is granted as part of the Self-registration process for new customers.
- This applies to organizations where self-registration is allowed. Once self-registration has been completed, the user will get the IAM role and any additional roles related to the actual subscription used in the self-registration form.
- You can also find more information in the changelog.