Role-based access control – a security boost
How many users in your organization have global admin rights within your Microsoft Partner Center? If you are thinking of a number higher than five, you have come to the right place.
Role-based access control (RBAC) is a type of functionality that makes it possible to segment the data and permissions your employees have access to based on what they need. RBAC provides employees with the rights to access information that is needed to do their job and excludes them from accessing information that does not concern them. Thus, making sure that employees cannot access sensitive information that is not relevant to them, and preventing them from conducting certain tasks they have no business doing.
Nowadays, most software applications will have some form of role-based access control, though the depth and detail to which roles can be customized varies greatly.
How does it work?
As stated, there are many variations and gradations when it comes to role-based access control and different applications and software. For this article, our focus is on the Microsoft Partner Center.
The Microsoft Partner Center offers quite extensive role-based access control, but it still has its limits. For example, when you grant someone the rights and permissions to manage customers in the Partner Center, you cannot make a distinction between which customers are accessible to the user. It is all or nothing.
Since common actions such as managing your own partner organization, billing tasks, Microsoft Support tasks, and customer management require global admin access, many companies often use multiple global admin accounts to ensure no one is hampered in their work. Having multiple users with global admin rights within a portal as vital to the business as the Microsoft Partner Center is not desirable. With many global admins, not only do more people have the privilege to change and alter roles, making it easy to lose sight who has which permissions, but it also increases the risk of human error by people having access to features and functionalities they should have nothing to do with.
To deploy role-based access control, a global administrator in charge of assigning and managing roles is needed. In the Microsoft Partner Center scenario, they can assign rights and permissions to certain users by one of the available Partner Center roles. The admin has full control over who has access to which role and can rescind someone’s access a moment’s notice.
What are the benefits of role-based access control?
- Hardening security. Role-based access control helps companies overcome security challenges. Roles are assigned to the right employees which gives them access to only that information needed to do their job. This significantly reduces human error. Also, with the use of RBAC, admins can monitor who has access to sensitive information and make sure this number stays low. Ensuring a lower risk of potential data breaches or data leaks.
- Improving operational efficiency. The need for paperwork and administrative hassle will decrease when a company hires a new employee or when a current employee switches role. RBAC allows companies to instantly change and/or add roles according to operational needs, as well as implement them in platforms and organizational networks. An organization can have pre-defined roles that are easy to turn on and off when responsibilities change. For example: someone works in the marketing department but also needs access to a sales role. This role can easily be assigned to this employee without having to manually change their entire profile or risk giving these resources to someone else. Moreover, third-party users can easily be added to a company’s network by assigning them a pre-defined role.
- Easier to manage for administrators. RBAC gives network administrators and managers a higher level of visibility and insights into the company. It also helps ensure employees/users only have access to information they are authorized to see and need to do their jobs.
- Reducing costs. This is particularly relevant in areas such as Azure, where for example instead of instantly scaling up, an employee would be forced to see it they can use what they have been assigned more efficiently, before petitioning with their manager for more of whatever they need.
How can Spinpanel help?
The Spinpanel platform allows for remarkably fine-grained role-based management. The whole idea of Spinpanel is that you no longer need to work within the Partner Center. Instead everything can be done within Spinpanel. Since Spinpanel provides its own role-based management system, a great benefit is that you would theoretically only need to have one Partner Center global admin account. All tasks for which you need this role can be segmented within Spinpanel. For example, Spinpanel admins can give users access to certain groups or subsets of customers and allow them to manage said groups and only said groups, without having access to all customers as they would have in the Partner Center. These employees would only need access to the Spinpanel platform and not the Microsoft Partner Center which brings about the benefits mentioned above. Other examples of role-based management possibilities within Spinpanel are:
- Allowing employees to add products but not delete them
- Giving employees access to reporting but not customer management
- Letting employees add users but not delete them
And many more… Interested how we can help harden your security and bring down that number of global admins? Get in touch!