One of the easiest ways to ensure security in ALP SaaS is to maintain the Principle of Least Privilege. We've briefly explored this idea in a separate article, but here we'll discuss exactly how administrators and those with user management access can make sure their platform adheres to this simple security philosophy.
Put plainly, a user only needs access to the features required to get their job done. Granting more is risky, because a potentially unqualified user can wreak havoc on a system, whether intentionally or not.
ALP SaaS offers a way to manage user access on a page-by-page basis through its Security Roles feature and permission settings for individual users. This means that clients can decide exactly what their users can and cannot do.
It starts with the Administrator
Out of the box, the ALP SaaS platform will have a single Security Role: Administrator. This role grants select users access to everything in the application, including the ability to create new users and Security Roles themselves. That means the Administrator role should only be offered to those who need direct management of every aspect of an organization's loyalty platform.
In addition, it's up to this new Administrator to define how their instance of ALP SaaS will behave when it comes to user access.
An organization may want multiple tiers of platform access. In addition to the Administrator, the organization could have Marketing Managers, Customer Service Managers and Customer Service Representatives. Each potential position will only need access to the platform features required to get their jobs done.
In this example, a Marketing Manager would have access to the creation and editing of Promotions, while a Customer Service Representative may only have access to Clientelling screens and, maybe, some case management features.
Once your organization has decided how you'll spread the responsibilities across individual users, it's up to the Administrator to create the set of Security Roles that will work in the ALP SaaS platform.
To define a new Security Role, click Add Security Role. You'll need to give each role a name, but further customization is entirely up to you and your organization's needs.
ALP SaaS user management was designed so that organizations can fully customize and dictate their day-to-day operations and the overall management of the loyalty platform. That's why the Security Roles page offers the ability to set which roles can View, Edit, Add and even Delete aspects of every single page in the application.
It's important to come to the Security Roles page with organizational structure clearly defined. Once you know how, for instance, your Customer Service Managers will work, you can select exactly which pages of the ALP SaaS platform they can access. The same goes for any level of user you want to define.
Remember, you only want to give users permission to perform the actions they need to get their job done. With that in mind, pick and choose page access that meets the needs of each job type.
Managing individual users
In addition to the Security Roles page, individual users can be managed through specific security settings.
Any user with access to the user management pages through security roles can navigate to System > User. Here, you'll find options to add users, select security roles and adjust specific security settings. This includes the ability to make point adjustments, redeem points, issue manual transactions, issue rewards and execute exports.
Managing user access
Once an Administrator creates a security role, the ability to edit its access remains in place indefinitely. It's up to organizations to make sure their pool of users has appropriate permissions, and that means the monitoring, addition, removal and tweaking of security roles could be an ongoing process.
As the ALP SaaS platform evolves with its regular release cycle, Administrators should take time to review each release notes update for new permissions and features. As features are added to the platform, user access may need to be adjusted to ensure users can take advantage of what's new.
The Administrator and managers should check in on their users. Make sure they have the tools they need to get their work done. If they have more than they need, scale back their permissions.
It's important to remember that, due to caching, security role changes may take up to 10 minutes to take effect.
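The periodic review described above can be run as a comparison between what each role needs and what it is currently granted. This is an added example, not ALP SaaS code: the role, page and user data are constructed by hand, and the dictionary layout is an assumption, not a platform export format.

```python
# Added example: hand-written review data, not an ALP SaaS export format.

# Access each role needs, as agreed by the organization (constructed).
BASELINE = {
    "Marketing Manager": {"Promotions": {"View", "Edit", "Add"}},
    "Customer Service Representative": {"Clientelling": {"View"}},
}

# Access currently ticked on the Security Roles page (constructed).
GRANTED = {
    "Marketing Manager": {"Promotions": {"View", "Edit", "Add", "Delete"},
                          "User": {"View"}},
    "Customer Service Representative": {"Clientelling": {"View"}},
    "Customer Service Manager": {"Clientelling": {"View", "Edit"}},
}

# User-to-role assignments and the people approved as Administrator (constructed).
USERS = {"alice": "Administrator", "bob": "Administrator", "carol": "Marketing Manager"}
APPROVED_ADMINS = {"alice"}


def review_roles(baseline, granted):
    """Return (kind, role, page, action) findings, in a stable order."""
    findings = []
    for role in sorted(set(baseline) | set(granted)):
        if role == "Administrator":
            continue  # full access by design; reviewed per user below
        if role not in baseline:
            findings.append(("no-baseline", role, "*", "*"))  # undocumented role
            continue
        need, have = baseline[role], granted.get(role, {})
        for page in sorted(set(need) | set(have)):
            n, h = need.get(page, set()), have.get(page, set())
            findings += [("excess", role, page, a) for a in sorted(h - n)]
            findings += [("missing", role, page, a) for a in sorted(n - h)]
    return findings


def unapproved_admins(users, approved):
    """Users holding the Administrator role who are not on the approved list."""
    return sorted(u for u, r in users.items() if r == "Administrator" and u not in approved)


if __name__ == "__main__":
    for finding in review_roles(BASELINE, GRANTED):
        print(*finding, sep=" | ")
    print("unapproved administrators:", unapproved_admins(USERS, APPROVED_ADMINS))
```

An "excess" finding is a permission to scale back, a "missing" finding is a tool a user needs but lacks, and a "no-baseline" finding is a role nobody has documented a need for.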
Maintain the Principle of Least Privilege
When it comes to user access management in ALP SaaS, the process is simple.
- Build your teams.
- Define their workflow.
- Make their jobs easier.
- Monitor release notes for new features.
- Ensure the security of the loyalty platform.