
Roles & Least Privilege

Design access using the fixed role set and the principle of least privilege.

#At a glance

| Detail | Value |
| --- | --- |
| Audience | Admins, security owner |
| Estimated time | Half a day |
| Portal areas used | Settings → Users & Roles |
| AI used | None (security) |

#Purpose

Assign roles so people can do their jobs and nothing more, keeping powerful roles rare.

#Business outcome

Access matches responsibility, and admin/CEO power is limited to a trusted few.

#Implementation checklist

  1. Map each job to the closest fixed role
  2. Reserve CEO/admin for a small, trusted group
  3. Grant manager (full-access) only where needed
  4. Review access after every rollout phase

#Dependencies

  • Departments designed

#Risks

Watch for these

  • Trying to create custom roles (the set is fixed)
  • Handing out admin to avoid thinking about roles

#Success criteria

Done looks like

  • Every user has a least-privilege role
  • Admin/CEO is limited
  • Access is reviewed each phase
