SecApps has a granular permission system which helps you define strict access control to services and resources with ease.

By default, all team members have access to all team resources except the ability to modify the team itself. The team can only be changed by the team owner which is the person who created the team in the first place. However, in order to accommodate situations where team management is a shared responsibility, you could define specific permissions as well. Therefore, team management permissions fall under two categories which you can access from the team dashboard:

Team Permissions

By clicking the Team Permissions button you get the ability to define access to team members who need to manage the team itself. By default, only the team owner has such access. Use the following steps to provide access to the team to other members:

  1. Click the Team Permissions button
  2. Specify the team member who will assume team management permissions
  3. Select the type of permission which is either allow or deny
  4. Select the action. By default, all actions are selected. You can, however, choose a specific action such as Edit or Execute

Resource Permissions

Resource permissions control access to team resources. By default, all members have access to all team resources. You can restrict this access from this screen. The following steps can be used to define exception where a team member is not allowed to delete resources in Scout:

  1. Click the Resource Permissions button
  2. Specify the member who will assume the new permission
  3. Select the type of permission, which in this case is deny
  4. Select the resource itself, which in this case is * meaning all resources
  5. Select delete as the operation which we will restrict

This permission will successfully block the team member deleting resources which are created on behalf of the team.