SOP: Role Policy Assignment
Whenever a role needs to be granted (or denied) permission to perform an action, access data, or use fields the policy decision point will use the policies assigned to the active roles to determine appropriate action.
- There is a new policy which needs to be granted or denied from an existing group
- There is a formal request to block types of data or actions from members of an existing group
- The legislative or policy environment has changed and policies on roles need to be modified.
- Ensure that the policy and role assignment are documented in a knowledgebase
- Ensure that the policy has been created
- Ensure that the administrative design matches the desired policy assignment (i.e. should this really be an assignment to an existing group, or should it be an assignment to a new group)
- Your account has the Alter Role security permission
- 1.
- 2.
- 3.
- 4.Locate the group to which the policies are being assigned/removed and click
Edit - 5.
- 6.Search for the assigned policy
- 7.Select the appropriate enforcement permission:
- 1.Grant - Members of the group should be allowed to access data tagged with the policy or perform actions demanding the policy
- 2.Deny - Members of the group should not be allowed to access data tagged with the policy or perform actions demanding the policy
- 3.Elevate - Members of the group may access data or perform actions tagged with the policy, however only after re-authenticating themselves.
- Close the ticket which was create to assign the policy
- Notify the manager / most responsible person for the group that the assignment has been changed.
Current Status: Example
Reviewed By: SanteSuite Team
Author | Date | Changes |
|---|---|---|
Justin Fyfe (SanteSuite) | 2022-03-15 | Initial Version |
| | |
| | |
Last modified 8mo ago