Efficient Role Creation for Privileged Access Management

Setting up Resource Reservation

Resource Reservation Permissions Overview

In the Resource Reservation system, managing access and actions is streamlined through a well-defined permissions structure. This structure is crucial for maintaining efficient and orderly operations. Each permission type serves a specific function, allowing for a flexible and secure approach to managing bookings and access. Below is a detailed table outlining the various permissions available within the system, along with their respective descriptions. This table serves as a guide to understanding the capabilities and restrictions associated with each permission, ensuring that users and administrators can effectively navigate and utilize the reservation system.

PermissionDescription in English
Immediate AccessEnables immediate access to the profile.
Requires AuthorizationIndicates that the user request requires an approval.
Can AuthorizeCan authorize / Approve reservation request
Can Self BookCan create reservations for oneself
Can Get BookedCan be added by others for the use of a resource.
Can Book OthersCan create reservations for others.
Allow RecurrencyCan create recurring reservations.

These permissions can be strategically combined and organized to establish a range of specialized roles, each catering to different aspects of the booking process. This modular approach allows for the creation of roles that are specifically designed for distinct functions within the reservation system. For instance, some roles might focus on the initial request of a reservation, enabling users to efficiently book resources. Others could be tailored towards the administrative side, overseeing the management, approval, and scheduling of these reservations. This level of customization ensures that each role is equipped with the appropriate permissions to effectively carry out its designated responsibilities, from the initiation of a booking request to the comprehensive management of the reservation lifecycle

Permission Assignment

To edit a profile, simply click on the three dots located at the upper right corner of the profile you have selected

By default, all profiles in the system are configured for anonymous access (Allow anonymous access) meaning that is not bind to any kind of permission and any user can see it.

However, when a profile is edited to remove anonymous access, the permission assignment panel is automatically activated. This panel allows administrators to add users as needed and assign them the appropriate roles based on their responsibilities and access requirements within the system.

Following this, you will need to add the specific users you wish to associate with these permissions to complete the setup

When a user or a group of users is added to the system, they are automatically granted unrestricted access to the designated resource. This means that these users or groups have the ability to access the resource at any moment, without facing any time-based limitations or constraints.

This is the juncture where permission roles become integral. You have the flexibility to create various roles based on the specifications previously mentioned, by combining different capabilities such as 'Requires Authorization', 'Can Authorize', or 'Can Self Book'. Once a particular combination of permissions is established, this custom role can be reapplied to multiple users or user groups, aligning seamlessly with your organization's workflow and operational needs

In this example, we have crafted two distinct roles by combining different capabilities. The first role is designed for individuals who can request bookings for resources, and the second is for those who are authorized to approve these bookings

By selecting the 'Add' option, you can create a new role using a combination of permissions tailored to your specific requirements

Roles can also be edited and repurposed across your privilege access workflows, providing adaptable and efficient resource management

You can replicate this process to establish all the necessary roles and associate them with the respective resources required to facilitate privileged access sessions

In conclusion, the versatility and strategic design of our resource reservation system provide a robust framework for managing access and booking processes. By utilizing customizable permission groups and roles, users can effectively tailor the system to meet their specific operational needs. The intuitive interface, highlighted by the ease of editing profiles and roles, ensures a user-friendly experience. This system not only streamlines resource management but also enhances the efficiency and security of workflows, particularly in environments requiring precise privilege access control. As we continuously evolve and adapt to changing organizational demands, this system stands as a testament to our commitment to delivering solutions that are both innovative and practical
    • Related Articles

    • Individual Resource Booking

      In this guide, you'll find easy-to-follow steps for creating individual resource reservations on Thinfinity Workspace. Designed for quick reference, it will help you navigate our Privileged Access Management system with ease, making the reservation ...
    • Instance Management Panel

      Intro Imagine a scenario where an IT administrator needs to oversee and manage a fleet of virtual machines (VMs) deployed across various departments in a company. The Instance Management Panel in Thinfinity Workspace becomes an indispensable tool in ...
    • Secondary Brokers in Thinfinity Architecture: Bridging Networks and Enhancing Security through Zero Trust Access

      Introduction In the evolving landscape of network security and virtualization, the concept of Secondary Brokers has emerged as a pivotal component in the Thinfinity architecture. These brokers are instrumental in creating Zero Trust Networks for both ...
    • How to Configure the Anonymous Access Feature

      Doc Type: How-to Product: Thinfinity Workspace Version: 7 and above The Anonymous Access feature provides a flexible approach to security by allowing access to the Thinfinity Workspace Web Portal and/or specific access profiles without the need for ...
    • How to create a new WAG (Web Application Gateway) access in Thinfinity Workspace

      Product: Thinfinity Workspace Version: 7 and above Introduction The purpose of this article is to guide new users on how to publish a web application in Thinfinity Workspace. This step-by-step guide will help users through the configuration process ...