Administration
Administration may be accessed from the gear icon in the upper right hand corner near the User Profile icon.
System Configuration
The System Configuration menu allows editing of a number of default options found throughout the system, especially in the User Profile. These include:
- Notifications default
- Default theme
- Default Area Code
- Default Navigation Bar style
Tip
All of the defaults may be modified on a per-user basis in any user's Profile page.
Security Management
Team Hierarchy
The Team Hierarchy page allows explicit control of the relationships between teams within the system. The view is relative to a single team at a time. This means that when working in the Hierarchy editor, you are always viewing the relationships that the primary team in focus has with all other teams in the system.
Teams govern record ownership, effectively row-based ownership, within the CyOPs Security Model. Team Hierarchy reflects how team ownership relates between discrete teams.
There are three levels of relationships within the Team Hierarchies:
Relationship Type | Description |
---|---|
Parent | A Parent team user may apply their role permissions on any Child team's records based on the user's RBAC privileges. A Child team user may not apply their role permissions on a Parent team's record. |
Sibling | A Sibling team may act on any Sibling team's records reciprocally, meaning both teams effectively own each other's records, subject to each team member's RBAC permissions. Any user on a Sibling team may use their RBAC permissions on any Sibling-owned records. |
Child | A Child team may not act on any Parent team's record, but all of the Child records may be acted upon by the Parent based on a Parent team's user RBAC permissions. |
There is no inheritance within the Team Hierarchies. This means all relationships are specific to the individual team in question.
Teams
The Team Editor allows for global user assignment to teams created within CyOPs as well as for the creation of new teams. Moving users between teams is a simple process of selecting the users who are designated to be Team Members. Standard filtering and searching techniques may be used during the user assignment process.
Role Editor
The Role Editor allows for the adding and editing of all Role Based Access Control (RBAC) permissions within CyOPs. Role permissions are based on the Create, Read, Update, and Delete model (CRUD). Each module within the system has explicit CRUD permissions that may be modified and saved within a single Role.
A user may have one or more Roles applied to their RBAC model. Each Role granted to a user is additive to the user's overall RBAC permission set; a Role never removes permissions. This means that any single user's effective RBAC permissions are an aggregation of all of the CRUD permissions granted to them by each Role they are assigned.
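The following added example (a model written for this page, not CyOPs code) combines the Team Hierarchy rules with the additive Role model to decide whether a user may act on a record. Team, role and module names are constructed sample data, and it assumes each user belongs to one team and may always reach their own team's records.

```python
# Added illustration, not CyOPs code. All names below are constructed sample data.

# REL[(a, b)] is what team a is to team b. There is no inheritance,
# so only pairs listed explicitly here grant any reach.
REL = {
    ("SOC", "Tier1"): "parent",     ("Tier1", "SOC"): "child",
    ("Tier1", "Tier2"): "sibling",  ("Tier2", "Tier1"): "sibling",
    ("Tier1", "Interns"): "parent", ("Interns", "Tier1"): "child",
}

# Each role grants CRUD operations per module.
ROLES = {
    "Alert Reader": {"Alerts": {"read"}},
    "Alert Editor": {"Alerts": {"update"}, "Incidents": {"read"}},
}


def effective_permissions(role_names):
    """Union of the CRUD grants of every assigned role; roles only ever add."""
    perms = {}
    for name in role_names:
        for module, ops in ROLES[name].items():
            perms.setdefault(module, set()).update(ops)
    return perms


def team_can_reach(user_team, owner_team):
    """True for the user's own team (assumption), or a Parent or Sibling of the owner."""
    if user_team == owner_team:
        return True
    return REL.get((user_team, owner_team)) in ("parent", "sibling")


def can_act(user, op, record):
    """Row ownership (teams) and the CRUD grant (roles) must both allow the action."""
    perms = effective_permissions(user["roles"])
    return (team_can_reach(user["team"], record["team"])
            and op in perms.get(record["module"], set()))
```

Note that a SOC user cannot reach an Interns record here even though SOC is a Parent of Tier1 and Tier1 is a Parent of Interns, because relationships are not inherited.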
Default Roles
By default, each CyOPs instance has at least one Role in place after installation, the Security Administrator. Roles such as the Application Administrator and Playbook Administrator are typically default as well.
All Roles are "soft" Roles, meaning none of the default Roles are hard coded. You may modify, reassign permissions, and delete roles at will, but use this power with extreme caution.
Tip
We recommend you keep the default Roles and append new Roles.
Security Administrator
The Security Administrator is the single most important Role in the Application. The Security Administrator by default has the power to assign privileges to other Roles and Users. Essentially the Security Administrator holds the keys to the kingdom and may even assign themselves additional privileges as they see fit.
Warning
You should never delete the Security Administrator Role without ensuring that at least one assigned user has the Security module permissions in a role within the system, or you risk locking yourself out of the system permanently.
The Security Administrator has RBAC permissions granted for the Security module, which includes the Team Hierarchy Editor, the Team Editor, and the Role Editor.
The Security Administrator role is responsible for creating the appropriate team structure, building and assigning roles, and adding users to the CyOPs platform.
Because the Security module is applied to a role, this role may be applied to any user in the system.
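As an added example (not CyOPs code), the check below models the warning above: before a role is deleted, it reports which users would keep Security module permissions through their remaining roles and whether anyone would be left. The role and user data are constructed, and treating full CRUD on the Security module as the required permission set is an assumption.

```python
# Added illustration, not CyOPs code. Roles and users are constructed sample data.
CRUD = frozenset({"create", "read", "update", "delete"})

ROLES = {
    "Security Administrator": {"Security": set(CRUD)},
    "Team Manager": {"Security": {"read", "update"}},      # constructed role
    "Role Auditor": {"Security": {"create", "delete"}},    # constructed role
    "Application User": {"Alerts": {"read"}},
}
USERS = {
    "alice": ["Security Administrator"],
    "bob": ["Security Administrator", "Team Manager", "Role Auditor"],
    "carol": ["Application User"],
}


def holders(users, roles, module, required):
    """Users whose roles, combined additively, grant every op in `required`."""
    found = set()
    for name, assigned in users.items():
        granted = set()
        for role in assigned:
            # A role missing from `roles` (already deleted) grants nothing.
            granted |= roles.get(role, {}).get(module, set())
        if required <= granted:
            found.add(name)
    return found


def deletion_impact(role, users, roles, module="Security", required=CRUD):
    """Compare who holds `module` permissions before and after deleting `role`."""
    before = holders(users, roles, module, required)
    remaining = {r: p for r, p in roles.items() if r != role}
    after = holders(users, remaining, module, required)
    return {
        "keeps": sorted(after),
        "loses": sorted(before - after),
        "lockout": not after,   # True means nobody could manage security afterwards
    }


if __name__ == "__main__":
    print(deletion_impact("Security Administrator", USERS, ROLES))
```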
Application Administrator
The Application Administrator has full permissions across the System Settings, Audit Log, Application Editor, and View Template Editor. This role governs access to modifying or customizing the application.
Playbook Administrator
The Playbook Administrator has full permissions in the Playbook Engine and Rules Engine. This encompasses Playbook Collections, Playbooks, Rule Collections, and Rules.
Application User
The Application User has a limited base permission set on which to append additional permissions as desired via the Security Administrator.
Full App Permissions
This Role is essentially the "root" user, meaning it has full permissions across the Application. Note, however, that data partitioning is still in effect depending on the Team that a Full App Role user is on, meaning that a user with Full App Permissions may not see all of the data within the application unless they've made their Team a Parent of all other Teams in the Application.
User Management
User Management allows you to add, delete, lock, and unlock users, and to perform all other user administration tasks. User Management is only available to users with roles that grant access to the People module.
The default 2 Factor Authentication is via Telesign. This can be configured on a per user basis. SMS and Voice options are available. 2 Factor Authentication is not a requirement of the system, but is recommended as a default for all users.
Note
All new users must change their password upon first login, regardless of how complex the password given to them is.