Permissions - Access Control
This document details the Permissions - Access Control feature within the Nimbly Web Admin, offering a centralized interface for managing high-level access rights for various user roles. This feature is crucial for controlling fundamental administrative abilities, such as general settings management, role creation, and API integrations.
1. Feature Overview
The Permissions - Access Control feature enables administrators to define overarching access rights for different user roles within the Nimbly Web Admin platform. It provides a central point of control over core functionalities, ensuring that only authorized personnel can perform critical administrative tasks like:
- Managing general account settings.
- Creating and managing user roles.
- Accessing and generating API integration tokens.
- Reviewing and approving federated account requests.
2. Current Status & Compatibility
| Attribute | Detail |
|---|---|
| Current Status | Released (Available in Production) |
| Platform(s) | Nimbly Web Admin |
3. Access & Permissions
This section outlines the roles required to configure this feature and the target users whose permissions are affected.
| Attribute | Detail |
|---|---|
| Required Roles | Superadmin, Account Holder |
| Interface Location | Settings > Access Control > Permissions tab |
| Target Users | Permissions apply to users assigned to the following roles: Superadmin, Account Holder, Admin, Supervisor, Auditor, and Customized Roles. |
4. Key Capabilities
The Permissions - Access Control feature offers comprehensive control over critical administrative functions:
- Role-Based Access Control: Defines core system access based on predefined user roles, ensuring actions are aligned with responsibilities.
- Granular Permission Setting: Empowers administrators to precisely enable or restrict fundamental administrative functions for each role.
- Control Over Account Settings: Manages permissions for viewing and editing general account settings and device control settings.
- Control Over Role Management: Determines which roles have the authority to create new user roles within the system.
- Control Over API Integration: Manages permissions for viewing existing API integration details and generating new integration tokens.
- Control Over Federated Account Request: Manages permissions for viewing and approving requests for federated accounts.
5. Core Workflows & UI Walkthrough
Follow these steps to manage high-level permissions:
5.1. Navigate to Permissions Access Control
- Log in to the Nimbly Web Admin as a user with sufficient permissions (e.g., Superadmin, Account Holder).
- From the main navigation, go to Settings.
- Select Access Control.
- Click on the Permissions tab.
5.2. Identify User Roles
The following standard roles are available for permission configuration:
- Superadmin
- Account Holder
- Admin
- Supervisor
- Auditor
- Customized Role
5.3. Understand Permission Categories and Actions
Permissions are grouped by categories, controlling various high-level actions:
| Permission Category | Specific Permission | Description |
|---|---|---|
| Account Permissions | Manage general settings | Controls access to account-level general settings. |
| | Manage device control | Controls access to settings related to device control. |
| Manage roles | Create new roles | Controls the ability to create new user roles within the Role Manager. |
| API Integration | View API integration | Controls the ability to view existing API integration details. |
| | Generate new integration token | Controls the ability to create new API integration tokens. |
| Federated Account Request | View request account | Controls the ability to view federated account requests. |
| | Bill requested account | Controls the ability to manage billing for requested federated accounts. |
5.4. View Current Permissions
Within the interface, permission states are indicated as follows:
- Checkmark (Purple Box): Indicates that users with this role have permission to perform the corresponding action.
- Empty Box: Indicates that users with this role do not have permission to perform the corresponding action.
- Dash (Grey Horizontal Line): Indicates that the permission is not applicable or not configurable for this specific role.
5.5. Modify Permissions
To alter access for a specific role and permission:
- Locate the intersection of the desired user role column and the relevant permission row.
- Click or toggle the permission indicator (checkmark/empty box) to change its state.
- The system will provide visual feedback to confirm the change.
5.6. Save/Reset Changes
- Once all desired modifications are complete, click the “Save” button (typically located in the top right of the interface) to apply the new access permissions.
- Clicking the “Reset” button will revert all configuration settings on the page to their original, default state.
6. Configuration & Customization
Administrators can extensively customize fundamental system access for each user role. This allows precise control over who can manage core settings, create new roles, and interact with API integrations and federated account requests, thereby fostering a highly tailored and secure administrative environment.
7. Related Features & System Connections
This feature is integral to the overall Nimbly platform and has direct connections to:
- User Roles (Role Manager): Directly influences and controls the ability to create and manage new user roles within the “Role Manager.”
- API Integration: Manages direct access to functionalities related to API integration, including viewing details and generating tokens.
- Account Settings: Governs access to critical, account-level configurations and settings.
- Federated Account Management: Controls access to the processes and requests associated with federated accounts.
8. Best Practices
To ensure robust security, operational efficiency, and data integrity when configuring permissions:
- Restrict Core Administrative Functions: Limit permissions like “Create new roles” to only Superadmins and Account Holders to maintain strict control over user management and system integrity.
- Control API Access Carefully: Grant API integration permissions exclusively to roles that genuinely require programmatic access to Nimbly data and functionalities, minimizing potential security risks.
- Manage Account Settings Sparingly: Limit access to general account-level settings to prevent unintended or unauthorized modifications that could impact the entire organization.
- Monitor Federated Account Requests: Ensure that appropriate and authorized roles have secure access to view and manage federated account requests, maintaining proper oversight.
- Regular Review: Periodically review these core permissions to ensure they remain aligned with your organization’s evolving structure, operational needs, and security policies.
- Thorough Testing: After any permission modifications, thoroughly test the affected user roles to verify that users have the intended access levels to these fundamental system functions within the Nimbly Web Admin.
- Comprehensive Documentation: Maintain clear, up-to-date internal documentation outlining the specific core permissions granted to each user role.
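The "Regular Review" and "Comprehensive Documentation" practices above can be combined into a repeatable check. The following is an added example, not Nimbly code: it assumes the permission matrix has been transcribed by hand from the Permissions tab into Python dictionaries (this page describes no export), and the `POLICY` entry for token generation is an assumed organizational choice.

```python
# Added example (not Nimbly code): audit a hand-transcribed permission matrix.
# Cell states mirror the Permissions tab: True = checkmark, False = empty box,
# None = dash (not applicable / not configurable for that role).

_MISSING = object()

# Roles allowed to hold each restricted permission. The first entry follows the
# best practice above; the second is an assumed organizational policy.
POLICY = {
    "Create new roles": {"Superadmin", "Account Holder"},
    "Generate new integration token": {"Superadmin", "Account Holder"},
}

def audit(current, baseline, policy=POLICY):
    """Return sorted (kind, role, permission) findings.

    drift        - cell differs from the documented baseline
    undocumented - role or permission is absent from the baseline
    excess       - restricted permission granted outside the policy
    """
    findings = []
    for role, perms in current.items():
        for perm, state in perms.items():
            expected = baseline.get(role, {}).get(perm, _MISSING)
            if expected is _MISSING:
                findings.append(("undocumented", role, perm))
            elif state != expected:
                findings.append(("drift", role, perm))
            # Permissions without a policy entry are never reported as excess.
            if state is True and role not in policy.get(perm, {role}):
                findings.append(("excess", role, perm))
    return sorted(findings)

# Constructed sample data, not taken from a real account.
BASELINE = {
    "Superadmin": {"Create new roles": True, "Generate new integration token": True},
    "Admin": {"Create new roles": False, "Generate new integration token": False},
    "Auditor": {"Create new roles": None, "Generate new integration token": False},
}
CURRENT = {
    "Superadmin": {"Create new roles": True, "Generate new integration token": True},
    "Admin": {"Create new roles": True, "Generate new integration token": False},
    "Auditor": {"Create new roles": None, "Generate new integration token": False},
    "Customized Role": {"Generate new integration token": True},
}

if __name__ == "__main__":
    for finding in audit(CURRENT, BASELINE):
        print(*finding, sep=" | ")
```

An empty result means the transcribed matrix matches the documented baseline and no restricted permission is held outside the policy.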