User Groups is a new way to manage your users in your account and is an upgrade to part of our existing access control options; User Restrictions.
User Restrictions enabled you to lock a user’s access down to a defined set of websites but only at a user level, meaning each user had to be restricted individually.
However, User Groups enables you to create a group with the restrictions attached and then add users to the group. This makes managing the restrictions and extending them much easier in the future because they only exist in one place.
User Groups also introduces our Website Tagging functionality to the restriction options. This means that you can attach Tags to Groups and then any websites added or removed to the Tags are automatically available to the users in the Groups.
For example, you may have multiple websites across multiple brands in your account. You could create a Tag per brand and add all the websites for that brand to the corresponding Tag. User Groups could then be created according to the people managing the brands and Tag restrictions attached to the groups accordingly.
When the User Groups functionality is deployed we will convert users with existing restrictions into groups with the correct restrictions attached. This is because the new functionality is an upgrade and replacement to the User Restrictions functionality, but existing restricted users need to have their same, existing rules applied.
Please note that there are some other behavioural changes that these upgrades have introduced.
The user access level type of “Users” in RapidSpike can now be restricted via the Group(s) they’re added to. Before, only “View Only” users could be restricted. The knock-on effect of this means that certain dashboards have now been designated as “Admin” only, and “User” level users will not be able to access them like they used to.
A group with no restrictions attached to it will mean that users in the group are not granted access to any websites. Also, if a website is created by a user who is in a group, the website will not be automatically available to them until an account administrator has added the website to their group restrictions.
Finally, the restrictions applied are cumulative when a user is added to more than one group. This means that if a user is granted access to Website A in one group and Website B in another, they will have access to both websites.
User Access Level Dashboard Restrictions
Admin
- Admin-only dashboards: Alert History, Attack Detection.
- Admin-only settings: Plan, Credits and Billing, User Groups, Maintenance Windows, Tags, API Keys and Company Branding.
- Can add, edit or delete monitors, websites, servers and scans.
- Admins cannot be added to User Groups.
User
- Cannot access Admin-only dashboards or settings.
- Cannot add, edit or delete other users.
- Can add, edit or delete monitors, websites, servers and scans.
- Can belong to User Groups.
View Only
- Cannot access Admin-only dashboards or settings.
- Cannot access Users, Reports or Custom Wallboards.
- Cannot add, edit or delete any monitors, websites, servers or scans.
- Can belong to User Groups.