We are looking at implementing role-based access controls on some of our SaaS platforms due to entry into emerging markets. Does anyone have best practices to share?

Applications & PlatformsData PrivacyData Protection & Encryption+12 more
356 views3 Upvotes4 Comments
Chief Technology Officer in Software, 51 - 200 employees
RBAC : Go with 

1. Department
2. Role
3. Permissions

Each user will have a role in a department and associated permissions. A user within the department can have multiple roles. Say a finance manager can have EDIT access to finance report but read only access to user data.

Keep in mind that there should be a restriction on admin role and an admin cannot create other admin.

Maintain audit log of each role and edits within roles.
2
COO in Healthcare and Biotech, 5,001 - 10,000 employees
Avoid the temptation to build access around individuals. Try to define roles, functions, groups up front so that you can plan appropriate access levels and differences needed.

That said, for an emerging market, plan on being nimble and needing to pivot often. So don’t over invest in this planning and design phase. Build flexibility into the design.
3
CTO in Transportation, 11 - 50 employees
We do have role based access control on our system where we allow our customers to define their own roles and assign to those roles different levels of access to the different areas and features of the application.

Access is granted to the feutres using standard REST (verb + url).

That way our code only needs to check for the permissions that way.

There are some frameworks out there that rely on pre established roles for the code to check for but that’s very limiting and difficult to maintain.
Executive Architect in Healthcare and Biotech, 10,001+ employees
Expanding on the prior excellent comments:  Don't overload roles with privileges that a user might need occasionally.  Grant users additional roles with specific privileges when needed, for example during a maintenance window.

Content you might like

Is there a document available on ideas on designing a lean MDM(master data management) team? I've seen documents on solutions but looking for feedback on best practices vs a vendor right now.

Applications & Platforms
483 views

If you had a magic wand - what's the #1 daily business challenge you'd eliminate?

People & LeadershipStrategy & ArchitectureCloud+57 more
CTO in Software, 201 - 500 employees
Without a doubt - Technical Debt! It's a ball and chain that creates an ever increasing drag on any organization, stifles innovation, and prevents transformation.
142 19 Replies
Read More Comments
42.6k views131 Upvotes319 Comments

Which components of the Oracle Database environment do you plan to move to the cloud? (Select all that apply)

CloudApplications & PlatformsData & Analytics+7 more

Production45%

Backup65%

Replication33%

Non-production DBs (Dev, Training, QA, etc.)30%


215 PARTICIPANTS
1.3k views1 Upvote

Does the risk of Ransomware and malware propagation bother you? Is IoT security a top of mind for you? To protect against many risks, we have witnessed success of micro-segmentation in the data center. Would you be willing to deploy similar solution for the campus? I am very curious to get your feedback?

Security & GRCThreat & Vulnerability Management
Read More Comments
3.2k views5 Upvotes5 Comments

What are the leading video collaboration platforms your teams are using? Would you suggest you have more than one? We have 100k employees in 190 counties. Ideally we would prefer to support only one, but find ourselves with four.

CloudApplications & PlatformsManagement Tools+1 more

MS Teams46%

Google56%

Cisco (Webex)35%

Zoom20%

Other0%


54 PARTICIPANTS
400 views