Role-Based Access Control (RBAC) for Reco Platform
Written by Reco Product Management
Updated over 2 months ago

Overview

The Reco platform employs Role-Based Access Control (RBAC) to ensure that users have appropriate access levels based on their roles and responsibilities. Below is a detailed description of the roles and their permissions within the Reco platform.

Reco supports integrating multiple instances of each app. This is particularly useful for organizations with multiple subsidiaries or those undergoing acquisitions, where distinct app instances are required for different entities.

The Reco platform comprises the following modules:

  • Posture Checks, App2App, Identities, Compliance, and Alerts: These modules provide relevant insights across all instances integrated into the system.

  • App Portfolio: Aggregates data from all modules to present a comprehensive view for a specific instance.

  • App Discovery: Offers visibility into all SaaS applications used within the organization, including shadow apps.

  • Policy Center: Enables management of detection policies supported by Reco.

  • Investigation Center: Serves as an inventory of organizational assets, events, and devices.

  • Configurations: Includes user management, integration settings, and the audit log.

  • Dashboard: Offers a comprehensive overview of key insights from all system modules.

Roles and Permissions

1. Admin

  • Description: The Admin role is the highest level of access within the Reco platform.

  • Permissions:

    • Access to all modules and instances within the platform.

    • Full control over user management, including creating, updating, and deleting user accounts.

    • Capability to set up integrations for the platform.

  • Typical Users: Security team members responsible for overall platform governance and configuration.

2. Member

  • Description: The Member role is designed for users who require limited access to specific instances.

  • Access Scope: Members have restricted access to specific instances based on their assignments.

    • Accessible Modules: Members can access the following modules, but see only data related to their assigned instances:

      • App Portfolio

      • Posture Checks

      • App2App

      • Identities

      • Alerts

      • App Discovery

      • Dashboard

    • Restricted Access:

      • Cannot access the Configurations module to perform administrative tasks or manage integrations.

      • Cannot access the Investigation Center or Compliance modules.

  • Typical Users: Owners of specific apps and/or instances.

3. Discovery Admin

  • Description: The Discovery Admin role is tailored for users who focus solely on the App Discovery module to manage and oversee the organization's third-party applications.

  • Permissions:

    • Full access to the App Discovery module.

  • Typical Users: GRC teams, IT professionals, and security analysts.

4. Discovery Analyst

  • Description: This role is designed for users responsible for managing SaaS applications within a specific organizational segment, such as a unit, market, or country.

  • Permissions:

    • Access to the App Discovery module to view aggregated data across all segments.

    • Permission to update data exclusively for the segments they are assigned to manage.

  • Typical Users: IT professionals overseeing specific organizational segments.

5. RecoAdmin

  • Description: The RecoAdmin role is exclusive to internal Reco platform staff and is not available to external users or customers.

  • Permissions:

    • Internal administrative privileges, including managing system-wide configurations and troubleshooting.

    • Restricted from being assigned to external organizational users.

  • Typical Users: Reco technical support.
