More user permissions on Secfix
A
Alper
As Secfix grows, I see the need to allow companies to better segment their user permissions (not only between admin or employee).
Created by Lucas Backes
J
Jakub Wanat
Marc Mo. would like to define and limit what auditors can see within their Secfix instance (e.g., certain risks, modules like employees or access, or outdated inventory items like old employee laptops). Current access model only allows full access or no access, with no granularity to hide or expose specific sections. A more flexible access control (e.g., by module or asset type) would help limit exposure of work-in-progress or irrelevant data during audits.
Sophia Fries
Another client requested this feature, it would be great if was possible to select different permissions for the Admin role, so not all admins can see all features on Secfix. Example, Head of IT team will need to complete the IT risk assessment but they should not have access to edit Vendors or Policies on the platform.
Ghada Shebl
Alper Thank you for your feedback! To prioritize, which roles or permissions do you believe are crucial to include, aside from admin and employee?
B
Bettina N.
Ghada Shebl In our Use Case, we would need the ISMS Council / Team with a special role, they are e.g. Risk Owners and should be able to see the risks and also approve them and work on tasks assigned to risks, but they don't work on Policies, Manual Evidences, etc. Maybe the role could also be more generic for the usage, e.g. "Risk Managers".
F
Florian H.
Ghada Shebl from our perspective:
- admin
- management: access to some features like Risk register but not full admin
- normal employee
- external employee