Attribute Based Access Controls (ABAC)

  • Updated

Overview

For organisations who want to be able to hide content based on a user's group, department or other static attributes, Attribute Based Access Controls (ABAC) allow an organization to define security profiles that filter content based on easy-to-use search definitions. This feature ensures that certain content is accessible only to people with the correct attributes. ABAC represents a pivotal advancement for organisations requiring precise control over content visibility based on user attributes such as group, department, or other static factors, allowing easier control of users on the platform.

The benefits of using the RecordPoint ABAC feature include:

  • Reduced administrative overhead: With ABAC, organisations can automate content visibility based on user attributes, significantly reducing the time and effort required for manual access management. This streamlined approach allows administrators to concentrate on more strategic tasks, ultimately improving operational efficiency.
  • Enhanced security: ABAC offers a robust security framework by ensuring that only users with the appropriate attributes can access sensitive content. This granular control minimises the risk of unauthorised access, safeguarding valuable information and helping to maintain compliance with regulatory standards.
  • Scaled usage of the RecordPoint Platform: By enabling organisations to manage access based on specific user attributes, ABAC supports broader and more efficient use of the RecordPoint platform across a diverse range of use cases. As businesses grow and evolve, this feature facilitates dynamic access control, ensuring that the right people have access to the right information at all times.

Getting Started

Access to the ABAC module may require an additional subscription, depending on your current licensing model. If you wish to obtain access to the ABAC module, kindly contact your RecordPoint Account Manager.
Role Required  To create or manage ABAC security profiles, you need to be assigned to either the Application Administrator or Records Manager role in the RecordPoint platform.

To build an ABAC Security Profile and restrict the set of records a user can view/action, perform the following:

  1. Click on the Settings icon in the top right hand corner of the RecordPoint Platform.
  2. Under Security, click on Profiles in the left hand navigation pane.
  3. Click the New button to create a new Security Profile or click the link in the name column of a Security Profile from the grid.d1351996-fca8-448e-adbe-c179476f77ae.png
  4. The Security Profile page will open.
    1. The Name field is required. This will be the identifier for the Security Profile.

    2. The Description field is optional. This is additional info you can add to a Security Profile describing it in more detail.image-20241028-021900.png

    1. To leverage ABAC, the admin must create an advanced search query that defines what type of content users within this group are allowed to see.

    2. The Restricted Data section provides a preview of the content that is made available to users with the correct attributes.

      Navigate to the Data Trimming tab

  5. The Members tab displays all the users and groups that have been added to this Security Group. To add a new User or Group click the Add button. The Add Users or Groups pane will open.image-20241028-022452.png

  6. Add a User by their User Principal Name (UPN)

Groups that are added to security profiles are not currently ABAC trimmed. RecordPoint will look to support this functionality soon. If this is a hard requirement for your organisation, please raise this with your account manager.
When a user is added to multiple security profiles, they will have access to the data associated with all the profiles they belong to. This means the user’s access is cumulative across all profiles, similar to how an "OR" condition works in logic.
When a user is added to a security profile with ABAC trimming enabled, it will impact all content, including existing items within the RecordPoint platform. This is because ABAC is a real-time, search-based security filter that reviews all content in the system, ensuring users can only access what they have been granted permission to view.

Example Scenario ABAC now supports: Enabling Lawyers to use the RecordPoint platform for E-Discovery

The newly implemented ABAC feature in RecordPoint transforms how lawyers approach e-Discovery by providing tailored access controls that adapt to individual case needs. This allows legal teams to grant permissions based on attributes like client affiliation, document sensitivity, and user roles, ensuring that only authorised personnel can access or export crucial evidence. By enhancing security and streamlining collaboration, lawyers can focus on building stronger cases while effectively managing sensitive information all on the RecordPoint platform.

Was this article helpful?

0 out of 0 found this helpful

Have more questions? Submit a request