Access Controls
This article details the different access control options in the Security menu.
Introduction to access control
Administrators in the Brinqa Platform can create permissions for roles, determining which modules they can access and how they can interact with them. Your Brinqa Platform starts with certain default permissions, but you can expand or modify them through the access control page.
To manage access controls, click Administration in the upper-right corner and, under Security, select Access Controls.
The Access controls page displays a list view of the existing permissions in the Brinqa Platform. The following table details the columns on this page:
Table 1: Access control page columns
Columns | Description |
---|---|
Title | The name of the permission. |
Type | The type of module that the permission is for. Options include: System, Data model, Application, or Flow Action. |
Operation | The action that can be performed. Options include: Create, Read, Update, Delete, Reset password, or All. |
Resource | The target of the permission. Options include: User, Role, Application event log, or all targets indicated by an asterisk (*). |
Roles | The roles that have this permission. |
Active | Whether this permission is active. Inactive permissions are effectively archived. |
Last updated | When the permission was last updated. |
Default access controls
Your Brinqa Platform comes with default roles and permissions. The following tables cover the permissions of the System Administrator, Administrator, Security Administrator, Risk Analyst, Configurator, and User roles.
Table 2: Default access controls
Role | Permissions |
---|---|
System Administrator | All permissions. |
Administrator | Reset password. |
Security Administrator | Create user, Edit user, Read user, Delete user, Create role, Edit role, Read role, and Delete role. |
Risk analyst | Read user. |
Configurator | Read role, Read user, and Read application event logs. |
User | Read only across the instance. |
Create a new access control
Navigate to Administration > Security > Access controls.
Click Create.
Fill in the following fields:
Title: The title of the access control.
Name: The name of the access control.
Type: The type of module that the access control is for. Options include: Data model, Application, or Flow action. The following table details the different fields associated with the different access control types:
Table 3: Access control fields by type
Selected type | Available fields | Description |
---|---|---|
Data model | Operations | The action that can be performed. Options include: Create, Read, Update, or Delete. |
Data model | Data model | The data model that the access control applies to. |
Data model | Attributes | The attributes of the data model. If no attributes are selected, you have access to all attributes of that data model. |
Application | Operations | The action that can be performed. Options include: Access. |
Application | Application | The application that the access control applies to. Options include: Brinqa Platform or Cyber risk. |
Flow action | Data model | The data model that the access control applies to. |
Flow action | Operations | The action that can be performed. Options include: Execute or Transition. |
Flow action | Flow definition | The action that the flow accomplishes. Options include: data model delete flow or compute flow. |
Flow action | Flow type | The type of flow associated with the flow action. Options include: Button flow or Business process. A button flow |
Description: The description of the access control.
Active: Whether the access control is active. Inactive access controls are effectively archived.
Access control roles: Roles that can have this permission.
Access control filter: Set filters for the access control. For example, you can use filters to configure different access controls for the same data model.
Click Create.
Edit or delete an access control
You can edit or delete existing access controls. Hold the pointer over the entry and click Edit or Delete to modify an existing access control.
The User role has the following permissions:
Table 4: User permissions
Permission | Resource |
---|---|
Read | Application |
Read | Business Service |
Read | Component |
Read | Host |
Read | Issue |
Read | Issue Definition |
Read | Ticket |
Read | Vulnerability |
Read | Vulnerability Definition |
The Configurator role has the User role as a parent, so it inherits all the permissions from the User role. In addition, the Configurator role has the following permissions:
Table 5: Configurator permissions
Permission | Resource |
---|---|
Create, Read, Update, Delete | Data Model |
Create, Read, Update, Delete | Data Server |
Create, Read, Update, Delete, Test Connection | Data Source |
Create, Read, Update, Delete | Data Source Rule |
Manage | Index |
Create, Read, Update, Delete | Mail Template |
Create, Read, Update, Delete | Notification |
Create, Read, Update, Delete | Notification Script |
Create, Read, Update, Delete | Rule |
Create, Read, Update, Delete | Scheduled Notification |
Create, Read, Update, Delete | Scheduled Rule |
Create, Read, Update, Delete | Scheduled Sync |
Import, Export | Settings |
Create, Read, Update, Delete | Ticket Creation Rule |
Create, Read, Update, Delete | Ticket Closing Rule |
Create, Read, Update, Delete | Views |
The Security administrator role has the User and Configurator roles as parents, so it inherits all the permissions from the User and Configurator roles. In addition, the Security administrator role has the following permissions:
Table 6: Security administrator permissions
Permission | Resource |
---|---|
Create, Read, Update, Delete | Access Control |
Create, Read, Update, Delete | Role |
Create, Read, Update, Delete | User |
Create, Read, Update | Password Policy |
The Risk analyst role has the User, Configurator, and Security administrator roles as parents, so it inherits all the permissions from the User, Configurator, and Security administrator roles. In addition, the Risk analyst role has the following permissions:
Table 7: Risk analyst permissions
Permission | Resource |
---|---|
Create, Update, Delete | Application |
Create, Update, Delete | Business Service |
Create, Read, Update, Delete | Business Unit |
Create, Read, Update, Delete | Company |
Create, Update, Delete | Component |
Read | User |
Read | Data Model |
Create, Read, Update, Delete | Department |
Create, Read, Update, Delete | Division |
Create, Update, Delete | Host |
Create, Update, Delete | Issue |
Create, Update, Delete | Issue Definition |
Create, Read, Update, Delete | Location |
Create, Read, Update, Delete, Run, Share | Report |
Create, Update, Delete | Ticket |
Update, Delete | Views |
Create, Update, Delete | Vulnerability |
Create, Update, Delete | Vulnerability Definition |
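Because of the parent relationships described above, a role's effective permissions are the union of its own rows and those of every ancestor role. The following added example (not Brinqa code; the data structures and function names are assumptions, and only a subset of the rows in Tables 4 to 7 is encoded) resolves that union and lists the roles that end up able to modify access controls, roles, users, or password policies:

```python
# Added example, not Brinqa code; the data structures and names are assumptions.
CRUD = {"Create", "Read", "Update", "Delete"}
WRITE_OPS = {"Create", "Update", "Delete"}
# Resources whose modification changes who can do what in the platform.
IDENTITY_RESOURCES = {"Access Control", "Role", "User", "Password Policy"}

# Parent roles as stated in the text.
PARENTS = {
    "User": [],
    "Configurator": ["User"],
    "Security administrator": ["User", "Configurator"],
    "Risk analyst": ["User", "Configurator", "Security administrator"],
}
# Direct grants: a subset of the rows in Tables 4 to 7 (resource -> operations).
DIRECT = {
    "User": {"Host": {"Read"}, "Ticket": {"Read"}, "Vulnerability": {"Read"}},
    "Configurator": {"Data Model": CRUD, "Rule": CRUD,
                     "Settings": {"Import", "Export"}},
    "Security administrator": {"Access Control": CRUD, "Role": CRUD, "User": CRUD,
                               "Password Policy": {"Create", "Read", "Update"}},
    "Risk analyst": {"Host": WRITE_OPS, "Ticket": WRITE_OPS,
                     "User": {"Read"}, "Data Model": {"Read"}},
}

def effective(role):
    """Union of a role's direct grants and those of every ancestor role."""
    merged, stack, seen = {}, [role], set()
    while stack:
        current = stack.pop()
        if current in seen:  # also guards against a cyclic parent definition
            continue
        seen.add(current)
        for resource, ops in DIRECT[current].items():
            merged.setdefault(resource, set()).update(ops)
        stack.extend(PARENTS[current])
    return merged

def identity_writers():
    """Roles able to create, update or delete identity and access resources."""
    findings = {}
    for role in PARENTS:
        perms = effective(role)
        hits = {res: sorted(perms[res] & WRITE_OPS)
                for res in sorted(IDENTITY_RESOURCES & set(perms))
                if perms[res] & WRITE_OPS}
        if hits:
            findings[role] = hits
    return findings

if __name__ == "__main__":
    print(identity_writers())
```

With the parent chain as written, Risk analyst inherits the Security administrator's write access to Access Control, Role, and User, which is worth confirming against Table 2 when reviewing role assignments.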