- 06 Nov 2020
- 5 Minutes to read
- Updated on 06 Nov 2020
- 5 Minutes to read
User Roles have been revamped for SecureCircle release 2.10+. Previously, the only roles available were Contributor and Subscriber roles, which both had very distinct functions when it came down to the permissions they each granted or rejected for a user.
The changes we have made will provide a few basic pre-defined roles. Contributor and Subscriber are still in there, but the permissions they grant are slightly different than before. Subscribers have the least amount of permissions that can be granted by the user roles. Contributors now mostly are able to add data to Circles, but they cannot remove it. We have also added in the role Operator, which is designed to take more of an administrative role with being able to decide what should and should not be protected. The default roles have the following permissions.
## Pre-Defined Roles
|Subscriber||ReadOnly Access - No contextual menu privileges|
|Contributor||ReadWrite Access - Add File to Circle, Add MagicFolder to Circle, View Network Policy, SecureSend|
|Operator||ReadWrite Access - Add File to Circle, Remove File from Circle, Add MagicFolder to Circle, Remove MagicFolder from Circle, View Network Policy, SecureSend|
In addition to these pre-defined roles, we have also provided server administrators the ability to create their own roles, should they want something in between the pre-defined ones. This gives administrators the freedom to create roles that limit the individual functions which make up the role system. Let’s go over what those are now.
Creating a User Role
Before we go over the description and function of each configuration option, let’s look at the whole page.
- The Role Name can be whatever you want it to be, and will be used to identify the role for selection when configuring Users in Circles.
- Access refers to the type of access granted to the files protected under Users in Circles using this User Role. The options are;
- ReadWrite - Users with this role configuration have full access to open and edit these files, then save it while keeping it protected the whole time.
- ReadOnly - Users with this role configuration will only be able to open and read data. They will not be able to edit and save a protected document.
- MagicClipboard is SecureCircle’s clipboard protection feature that helps remove the ability to copy and paste protected data, if desired, no matter where it is in the system. More information on this specific function can be found from the following page.
Contextual Menu Options
This set of options allow for more granular control over what users can do with your data. It specifically relates to the context menu options that appear when you right-click on a file or folder. You may want someone to be able to protect items, but ensure that only select individuals have the ability to remove that protection. You may want to ensure those users keep your data internal and prevent the ability to share it with unapproved 3rd parties. Here I will go over what each of these options can do for you;
Add File to Circle - This is the most basic feature of SecureCircle. The ability to right-click a file and choose to protect it. Adding the files to a Circle means protecting it with a specific set of policy configurations from that Circle.
Remove File from Circle - The other half of the most basic feature is the process of removing protection from a file that was previously added to a Circle. This option will appear only for files that are already protected.
Add MagicFolder to Circle - The counterpart to being able to protect a file is to assign a folder a protection level referred to as a MagicFolder. This will allow you to have the folder dictate the level of protection for any file placed into, created in, or accessed in said folder. This can come in handy for automation of protection for files that are created by reports, exported from servers, dropped into network storage by multiple users, or even for large data dumps and acquisitions. As this can have a large impact on entire volumes of data, caution is advised.
Remove MagicFolder from Circle - This will remove the magic from your MagicFolder, and turn it into an ordinary run of the mill mundane folder once more. As this can have a large impact on entire volumes of data, caution is advised.
View Network Policy - This option is primarily used for troubleshooting, but can also provide some insight into how the protected files are able to move around on your network. When you right-click a file and choose the Properties option, SecureCircle is in the Properties tabs. From there, at the bottom left of the tab, there is an option to View Network Policy. You will always see a Circle name and Circle ID, as well as the Policy name and Policy ID. If you see nothing else, there are no limitations to network transmission to and from these files. Alternatively, you may see specific inbound and outbound rules which are explained better in the document linked below. Network Policy Best Practices
SecureSend - This setting will allow you to utilize the SecureSend function for all files under the Circle the User Role is assigned to. This setting does not handle any specific settings for SecureSend, only if you are allowed to use it. For settings and controls, please visit SecureSend to read up on it.
Modifying a User's Role
The user role is assigned during creation. If the user role needs to be changed after creation, follow the steps below.
- Go the the Admin UI and click the Circle menu from the navigation.
- Click on the Circle the user belongs. This will present a list of all users in that Circle. If the user role needs to be changed in multiple Circles, repeat these steps for each Circle.
- Click on the checkboc for the user whose user role needs to change. Go to the Actions button and click Modify User.
- Click on the Role pull-down and select the new user role.
- Click Modify and the new user role will be applied.