Working with identities, permissions, and teams

In Trust Protection Platform, access to the system is managed primarily through identities. The term identities refers to both users and groups in the system. Roles with specific permissions are also used and can be assigned to both users and teams (see Understanding system roles).

Identity information can be obtained through several sources including external data sources, as well as locally-created and managed users and teams. Identities control access not only to the overall platform, but through inheritance policies that can be controlled at all levels of your data structure, all the way down to the individual items being tracked in Trust Protection Platform.

This section includes information about how to manage identities and the permissions associated with identities. This information is organized into the following main groups of information:

  • Managing identities from third-party data providers. Most organizations manage their users and groups in systems like LDAP or Active Directory. You can synchronize the data in Trust Protection Platform with your identity provider, and assign permissions to users and groups imported from your external data source.
  • Managing identities directly in Trust Protection Platform. These identities are called local identities. You can create, organize, and manage users and groups directly in the system, and assign permissions accordingly.
  • Managing permissions for identities. The permission management system works the same way regardless of whether your identity information is imported from a third-party source, or whether the identities were created directly in Trust Protection Platform. In this section, you will see how permissions are granted and managed across the various Trust Protection Platform consoles.
  • Searching for identities. If you need to see what permissions are granted to an identity, there are a couple of ways you can search for them in Trust Protection Platform, giving you a clear view into what users and groups are in your system, and what permissions they have.

All users shown in the system can log in to Trust Protection Platform; however what they can see and do depends upon their assigned permissions. Trust Protection Platform uses a least privileged model of system administration. So, by default, local users (users created directly in Trust Protection Platform) have only the Read permission and external users (those imported into Trust Protection Platform from a third-party data source) have no permissions. You must explicitly grant permissions to users and groups before they can manage objects.