User groups are built-in objects that give permissions to all users inside them, with a specific role across a scope.
For now, it is not possible to create custom role assignments, so you need to use the built-in user groups. Each one links a domain with a role; the role contains precise permissions, which are given to every user in that group.
Let's give some details on the 5 built-in roles:
- Administrator: full access (except approval), and specifically management of domains, users and user rights
- Domain manager: full access to the selected domains (except approval), in particular managing rights for these domains; read access to global objects
- Analyst: read-write access to the selected projects/domains; read access to global and domain objects
- Auditor: read access to the selected projects/domains
- Approver: read access (like a reader), plus the additional capability to approve risk acceptances
The Django superuser is automatically given Administrator rights on startup.
Once your instance is created, three user groups are already present:
- Global - Administrator
- Global - Approver
- Global - Auditor
They give the corresponding permissions on the Global scope, that is, on every object of your instance.
Domain-scoped user groups are created automatically for each domain you add. For example, if you create a domain R&D, there will be:
- R&D - Domain Manager
- R&D - Analyst
- R&D - Approver
- R&D - Auditor
They give the corresponding permissions on the domain scope, that is, on every object inside R&D.
Under Organization, click on Users and then Add user:
Enter the email address of the new user:
Once created, a new user has no permissions by default. Click Edit and update the user groups:
If you are working on a single domain, or working solo, you can simply assign `Global - Administrator`.
When the user is added, and if the mailer is configured, they will receive an email to set up their password. If not, you can set a temporary password as illustrated above.
This page describes the global organization of CISO Assistant. All entities will be linked to, or contained within, these objects.
For access control purposes, CISO Assistant data is organized in a tree of folders. Starting from a root folder called Global, it divides into sub-folders called domains. The organization of the tree is not hard-coded; it is entirely determined by configuration. Every object in CISO Assistant (folders included) is attached to a folder, either directly or indirectly through a parent object that is itself attached to a folder.
A domain lets you organize your work according to how you use CISO Assistant. For example, inside a company you can create a domain for each department that needs to carry out a variety of projects, or if you have different customers, you can have a domain for each one in order to delimit your work area.
A domain is the first thing you create in CISO Assistant. It brings together all the objects you need to complete your different projects. Every role/permission a user has on a domain applies to all objects/actions across that domain. It's all about organization; the only technical aspect is access control, and this is achieved by adding the user to the relevant user group.
Projects are fundamental context objects defined by the entity using CISO Assistant. They are grouped in domains and will contain all your risk and compliance assessments. Apart from being able to group your various evaluations across the different domains, they have two specific fields: internal reference and status. Here are the various status options:
- -- (None)
- Design
- Development
- Production
- End of life
- Dropped
The purpose of a project is, first of all, organizational: grouping the work done to solve a problem. But it also makes it possible to improve analytics by breaking them down by assessment, whether for risk or compliance, so as to make your project management more precise and reduce noise.
In the first (open source) version of CISO Assistant, custom role assignment is not available. So, when you create a domain, the user groups for this domain are automatically created, one for each built-in role. All you need to do is assign your users to their user groups. To learn more about this, jump to .
User groups go hand in hand with domains. They associate permissions with users and define their scope by being attached to a domain. They follow a simple and consistent RBAC model: a role containing permissions and a domain determining the perimeter. Go to the page for more details.
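The following is an added example, not code from CISO Assistant itself, that models the access-control scheme described above: a folder tree rooted at Global, objects attached to folders directly (projects) or indirectly through a parent object (assessments), the three global user groups present at startup, the four domain groups created whenever a domain is added, and a permission check that walks from an object's folder up to the root. Names such as `Instance`, `has_permission`, the action strings and the per-role permission sets are assumptions made for the example; CISO Assistant's real permission model is finer-grained. What the page states is encoded: only Approver can approve, Auditor is read-only, and Domain Manager and Analyst also get read access to global objects.

```python
from dataclasses import dataclass, field
from typing import Iterator, Optional

# Permissions per built-in role. Action names are constructed for this example;
# they encode the page's statements (no "approve" for Administrator or Domain
# Manager, read-only Auditor), not CISO Assistant's actual permission list.
ROLE_PERMISSIONS = {
    "Administrator": {"view", "add", "change", "delete", "manage_users"},
    "Domain Manager": {"view", "add", "change", "delete", "manage_users"},
    "Analyst": {"view", "add", "change", "delete"},
    "Auditor": {"view"},
    "Approver": {"view", "approve"},
}
GLOBAL_ROLES = ("Administrator", "Approver", "Auditor")              # present at startup
DOMAIN_ROLES = ("Domain Manager", "Analyst", "Approver", "Auditor")  # created per domain
GLOBAL_READ_ROLES = {"Domain Manager", "Analyst"}   # domain roles that also read global objects


@dataclass(eq=False)
class Folder:
    name: str
    parent: Optional["Folder"] = None

    def lineage(self) -> Iterator["Folder"]:
        """Yield this folder, then each parent up to the root (Global)."""
        node: Optional[Folder] = self
        while node is not None:
            yield node
            node = node.parent


@dataclass(eq=False)
class Project:
    name: str
    parent: Folder      # a project is attached directly to a domain folder


@dataclass(eq=False)
class Assessment:
    name: str
    parent: Project     # attached to a folder only indirectly, via its project


def folder_of(obj) -> Folder:
    """Resolve the folder an object belongs to by following parent links."""
    while not isinstance(obj, Folder):
        obj = obj.parent
    return obj


@dataclass(eq=False)
class UserGroup:
    folder: Folder
    role: str
    members: set = field(default_factory=set)

    @property
    def name(self) -> str:
        return f"{self.folder.name} - {self.role}"   # e.g. "R&D - Analyst"


class Instance:
    """Minimal model of the folder tree and its built-in user groups (hypothetical)."""

    def __init__(self) -> None:
        self.root = Folder("Global")
        self.groups: dict[str, UserGroup] = {}
        for role in GLOBAL_ROLES:           # the three groups that exist from the start
            self._add_group(self.root, role)

    def _add_group(self, folder: Folder, role: str) -> UserGroup:
        group = UserGroup(folder, role)
        self.groups[group.name] = group
        return group

    def create_domain(self, name: str) -> Folder:
        """Adding a domain automatically creates one group per domain role."""
        domain = Folder(name, parent=self.root)
        for role in DOMAIN_ROLES:
            self._add_group(domain, role)
        return domain

    def add_user(self, user: str, group_name: str) -> None:
        self.groups[group_name].members.add(user)   # KeyError if no such built-in group

    def has_permission(self, user: str, action: str, obj) -> bool:
        target = folder_of(obj)
        for group in self.groups.values():
            if user not in group.members:
                continue
            # A group grants its role on its own folder and every folder below it.
            if group.folder in target.lineage() and action in ROLE_PERMISSIONS[group.role]:
                return True
            # Domain Manager and Analyst additionally read global objects.
            if target is self.root and action == "view" and group.role in GLOBAL_READ_ROLES:
                return True
        return False
```

A new user with no group membership gets no permission at all, which is the default the page describes; adding the user to `Global - Administrator` grants everything except approval on every domain, while `R&D - Analyst` grants read-write inside R&D only, plus read on Global.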