What Are The Best Practices For Role Assignment?
This article provides guidance on assigning roles in Edgescan to ensure security, efficiency, and compliance. Following best practices helps maintain the principle of least privilege and reduces the risk of unauthorized access.
Version Number: v1.0.0
Published Date: 09 Feb 2025
____________________________________________________________________________
Why Best Practices Matter
Roles simplify access management, but incorrect assignments can lead to:
- Over-privileged accounts, increasing security risk.
- Operational inefficiencies, where users have unnecessary access.
- Compliance issues, if access controls are not properly enforced.
Key Best Practices
1. Apply the Principle of Least Privilege
Assign only the roles necessary for a user’s responsibilities. Avoid giving broad access “just in case.”
2. Combine Roles Thoughtfully
Roles in Edgescan are modular and can be combined. Examples:
- Security Analyst: Asset Admin.
- DevOps Engineer: Asset Admin + Scan Admin.
- Manager: Org Admin.
Use combinations to tailor access without granting unnecessary permissions.
3. Use Direct Permissions Sparingly
Direct Permissions (granular controls) should only be used for:
- Temporary exceptions.
- Highly specific access needs.
Roles should cover most scenarios.
4. Review Roles Regularly
- Audit user roles quarterly or during major team changes.
- Remove roles that are no longer needed.
- Document changes for compliance.
5. Avoid Deprecated Roles
The Superuser role will be deprecated in 2026; avoid assigning it.
6. Align Roles with Organizational Policies
Ensure role assignments comply with:
- Internal security policies.
- Regulatory requirements (e.g., GDPR, ISO 27001).
Common Role Assignment Scenarios
- Onboarding a New Analyst: Assign Vulnerability Viewer + Scan Viewer.
- Granting Temporary Elevated Access: Add Asset Configurator for a limited time, then remove.
- Contractor Access: Assign Viewer roles only.