
Key Benefits

Access Registry & Matrix

A single registry of IS access records: system, object, roles or access right, users and groups, validity periods, status, review date. View, grant, and revoke access. Access matrix — mapping roles to functions and rights for each IS and environment; copying between environments, export to Excel.

Access Requests & Approval

Requests to grant or revoke access: select system, object, access records and roles, cabinet users, or third-party organizations/users. Multi-step approval with multiple approvers; request status (pending, approved, rejected, canceled) and administrative status after execution. Request attachments. Request management: view, approve/reject, export.

IS Configuration & API

For each information system: access rights, roles, functions (hierarchy), and objects (hierarchy) linked to an environment. Approvers and record statuses. Object-specific roles, rights, and functions; role–function–right mapping. API: store credentials (URL, login, password), synchronize users with an external API, export the list.

Notifications & Access Control

Email notifications upon request creation and status changes. Configure recipients (owners, administrators, requester, approvers, third parties) and additional addresses. Custom email subject and body templates. Sending history and retry on error. Access to matrix, registry, configuration, request management, notifications, and API — by groups and companies.

Features & Capabilities

IS Access Configuration

  • Access rights: name, code, description, environment (production, test, development); optionally object-specific only
  • Roles: name, description, link to functions; optionally object-specific only
  • Functions: hierarchy, link to rights; optionally object-specific only
  • Access objects: hierarchy, assigned roles, rights, and functions; object copying
  • Access record statuses and approvers by system and environment
  • Guide with translations

Access Registry & Matrix

  • Access records: IS, object, environment, roles or right, users/groups (requesters and grantees), deadlines, status, review
  • Add, edit, delete records; update status; assign record approvers
  • Access matrix: roles × functions × rights for system and environment
  • Copy matrix between environments; apply default matrix; export to Excel
  • Guide with translations

Access Requests

  • Submit request: grant or revoke access; system, object, access records, roles; cabinet users or third-party organizations/users
  • Justification, additional requirements, notes; file attachments
  • Approval: multiple approvers, status (pending, approved, rejected, canceled)
  • Administrative status after approval: pending, granted, rejected, in progress
  • Request management: view, filters, approve/reject, export; approver history
  • Guides for requester and for request management with translations

API, Notifications & Access

  • API: store credentials (name, URL, email, password), company, IS, environment; user synchronization, export to Excel
  • Third-party organizations and users (name, contacts); link to requests
  • Email notifications: enable/disable; triggers (request creation, status change, admin status change)
  • Recipients: system owners, administrators, requester, approvers, third parties; additional addresses
  • Custom email templates; test send; history and retry on error
  • Access by groups and companies: matrix, registry, configuration, requests, notifications, API

Use Cases

Configuring System Access Structure

For each information system (from the asset registry), define access rights, roles, and functions with hierarchies separately for production, test, and development. Add access objects (e.g., modules or subsystems) with hierarchies and assign them roles, rights, and functions. Configure the "role – function – right" mapping in the access matrix. Specify approvers and statuses for access records. Copy the matrix between environments or export it to Excel as needed.

Access Registration and Review

Maintain an access record registry: for each IS and object (or system only), specify granted roles or access rights, users or groups, validity period, and status. Record the last review date and the person responsible for the review. Revoke access or update status when deadlines change. Use filters by company, system, object, and environment.

Access Grant and Revocation Requests

A user selects a system, object, access records, and roles, specifies who needs access (cabinet users or third-party organizations/users), deadlines, and justification. After submission, the request goes through approval; each approver approves or rejects. Upon full approval, an administrator sets the administrative status (granted, rejected, in progress). Attachments can be added if necessary. The request can be canceled before approval is complete.

Notifications and API Integration

Enable email notifications upon request creation and status changes. Choose who receives emails: system owners, administrators, requester, approvers, third parties (if specified). Add custom subject and body templates. View sending history and retry on error. For integration with an external API, store credentials (URL, login, encrypted password) and use user synchronization; export data to Excel.

Access Segregation by Groups

Access to the access matrix, record registry, IS configuration, request management, notification settings, and API is configured by user groups. Each group is assigned a list of companies — users only see and can work with data from those companies. Separate permissions: view, add, edit, delete for each subsection (matrix, registry, configuration, requests, notifications, API).

Technical Details

Architecture

IS access module: linked to information systems from the asset registry. Configuration: access rights, roles, functions (hierarchy), objects (hierarchy), statuses, and approvers by system and environment (production, test, development). Access records: system, object, roles/right, users and groups, deadlines, status. Matrix: role–function–right mapping. Access requests: request, approvers, attachments, administrative status. Third-party organizations and users. API credentials (password encrypted), synchronization. Email notifications: trigger and recipient configuration, templates, history. Guides with country-specific translations. Data in the project database; emails via mail configuration.

Security

Access is managed by groups and a company list; permission checks when viewing and modifying the matrix, registry, configuration, requests, and notifications. API passwords are stored encrypted. CSRF protection and input validation. Request approval workflow with status change history logging.

Scalability

Access record and request lists with pagination and filtering; queries with eager loading of related data. The matrix and configuration are loaded per system and environment. Excel export is handled within a typical request. API synchronization depends on the external service.

Customization

Rights, roles, functions, and objects with code, color, and country-specific translations; optionally object-specific (only for a particular object). Environments: production, test, development. Approvers and statuses per system. Email notification configuration: triggers, recipients, templates. Separate access permissions to subsections by groups and companies.

Frequently Asked Questions

What are access rights, roles, and functions?

An access right is a specific permission in the system (e.g., "read", "edit"). A role groups a set of functions and rights (e.g., "Operator"). A function is an element in the system's capability hierarchy (e.g., "Reports" with sub-functions). All three are configured for each information system and environment. The access matrix maps roles to functions and rights.

What is an access object?

An access object is an element in the system's hierarchy (e.g., a module or subsystem). For an object, the available roles, rights, and functions are defined; you can create roles, rights, and functions that are specific to that object. An access record can be linked to the system as a whole or to a specific object.

How does request approval work?

A request goes through multiple approvers (the list is set for the system and environment or for a specific access record). Each approver sets a status: approved or rejected. When all approvers have approved, the request status becomes "approved". After that, an administrator sets the administrative status (granted, rejected, in progress) according to the actual access provisioning. The requester can cancel the request while it is still pending approval.
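The approval flow described above can be modeled as a small state machine. This is an added example, not the module's own code. The class and method names are hypothetical, and two rules are assumptions not stated on this page: a single rejection ends the request, and a requester cannot approve their own request.

```python
from dataclasses import dataclass, field
from typing import Optional

PENDING, APPROVED, REJECTED, CANCELED = "pending", "approved", "rejected", "canceled"
ADMIN_STATUSES = {"granted", "rejected", "in progress"}


@dataclass
class AccessRequest:
    requester: str
    approvers: tuple                      # approver list for the system/environment
    decisions: dict = field(default_factory=dict)
    status: str = PENDING
    admin_status: Optional[str] = None
    history: list = field(default_factory=list)   # status change log

    def _log(self, actor, event):
        self.history.append((actor, event, self.status))

    def decide(self, approver, approve):
        if self.status != PENDING:
            raise PermissionError("request is no longer pending")
        if approver not in self.approvers:
            raise PermissionError("not an assigned approver")
        if approver == self.requester:    # assumption: separation of duties
            raise PermissionError("requester cannot approve own request")
        if approver in self.decisions:
            raise PermissionError("approver has already decided")
        self.decisions[approver] = approve
        if not approve:
            self.status = REJECTED        # assumption: one rejection ends the request
        elif all(self.decisions.get(a) for a in self.approvers):
            self.status = APPROVED        # every listed approver has approved
        self._log(approver, "approved" if approve else "rejected")

    def cancel(self, actor):
        if actor != self.requester or self.status != PENDING:
            raise PermissionError("only the requester can cancel a pending request")
        self.status = CANCELED
        self._log(actor, "canceled")

    def set_admin_status(self, admin, value):
        if self.status != APPROVED:
            raise PermissionError("administrative status requires full approval")
        if value not in ADMIN_STATUSES:
            raise ValueError("unknown administrative status")
        self.admin_status = value
        self._log(admin, f"admin:{value}")
```
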

Are third-party users supported?

Yes. There is a registry of third-party organizations and third-party users (name, email, organization). When submitting an access request, you can select cabinet users or third-party organizations/users. Third-party data is stored in the request; in notification settings, you can specify sending emails to third parties at the provided email address.

Why store API credentials?

The module allows connecting to an external API (e.g., an access management service): store the URL, login, and password (the password is stored encrypted). After that, you can synchronize users with the API and export the received data to Excel. Credentials are linked to a user, company, and information system; you can select the environment (production, test, development).

How to configure email notifications?

In the notification settings section, create a configuration: enable/disable, triggers (on request creation, on request status change, on administrative status change). Select recipients: system owners, administrators, requester, approvers, third parties; you can add additional email addresses. Custom email subject and body templates are supported. A test send is available, and you can view the history with the option to retry on error.

How is access restricted by company?

Access to the access matrix, record registry, IS configuration, request management, notification settings, and API is configured by user groups. Each group is assigned a list of companies — users only see and can work with data from those companies (systems, objects, access records, requests, etc.). For each subsection, separate permissions are specified: view, add, edit, delete.
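A deny-by-default check for the group and company scoping described above, as an added example that is not the module's own code. The names and sample data are hypothetical, and it assumes that a permission and a company must be granted by the same group, so membership in two groups never combines one group's permission with another group's company.

```python
from dataclasses import dataclass

SUBSECTIONS = {"matrix", "registry", "configuration", "requests", "notifications", "api"}
ACTIONS = {"view", "add", "edit", "delete"}


@dataclass(frozen=True)
class Group:
    name: str
    companies: frozenset      # companies this group may work with
    permissions: frozenset    # granted (subsection, action) pairs


def is_allowed(groups, subsection, action, company):
    """Deny by default: one group must grant both the permission and the company."""
    if subsection not in SUBSECTIONS or action not in ACTIONS:
        return False
    return any(
        company in g.companies and (subsection, action) in g.permissions
        for g in groups
    )


def visible_records(groups, subsection, records):
    """Filter server-side so records of other companies never reach the caller."""
    return [r for r in records if is_allowed(groups, subsection, "view", r["company"])]


# Constructed sample data (hypothetical groups, companies and records)
AUDITORS = Group("auditors", frozenset({"acme"}), frozenset({("registry", "view")}))
ADMINS = Group(
    "globex-admins",
    frozenset({"globex"}),
    frozenset({("registry", "view"), ("registry", "edit")}),
)
RECORDS = [
    {"id": 1, "company": "acme", "system": "ERP"},
    {"id": 2, "company": "globex", "system": "CRM"},
]
```
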
