Creating a Proper Permissions Hierarchy for Operational Technology

Understand Dispel's permissions hierarchy

Written by Ethan S
Updated over a week ago

When it comes to managing operational technology, creating a proper permissions hierarchy is essential to maintaining security and ensuring that employees have access to the tools and information they need to do their jobs. In this article, we will discuss the logical structure of Dispel's permissions schema and the permissions controls at each tier. We will also cover how users are created and managed, as well as how request access flows work within the Dispel platform. Finally, we will discuss how digital forensics are used to maintain accountability and auditing within the system.

Logical Structure

Dispel’s permissions schema resides within a stacking hierarchy framework where roles and permissions are scoped within their respective tier. Users can belong to or have permissions to multiple tiers simultaneously.

Organization

The Organization is the parent level and is typically tied to the contracting company or business division. For example, the Organization level in our example is the Acme Brewing Co.

Region

A Region is an SD-WAN communications backbone in a geographic region. Regions are therefore both a logical construct in the Dispel dashboard and a physical segmentation. Regions may be scoped to a wider area (e.g., North America) or a smaller zone (e.g., US East). All Regions are physically segmented from one another.

While you can name a Region whatever you want, the actual Region location is dictated by the availability of a public cloud provider in that area. In our example, Acme Brewing Co. might have a plant in Vermont and choose to have a Vermont-Maine Region, but if the nearest data center is in Virginia, then that is where the Region will physically operate from.

Facility

A Facility is the physical installation connected into the Region. Here, the Acme Brewing Co. has a Boston Plant making beer in their North American Region.

Most facilities are easy to define: a factory, a power plant, a dam, or some other installation. You might also have smaller sub-facilities such as distributed sensors, floodgates, and wind turbines.

Device

Devices are the hardware and software devices inside of a Facility. Often these are HMIs, PLCs, or DCS components. Fundamentally, controlling and seeing which devices people and machines have access to inside of a facility is what the Dispel platform is about.

Permissions

Permissions are scoped within each tier, and each tier enjoys its own permission controls.

Tier | Role | Function
Organization | Admin | Root-level administrator role. Can set Organization-wide security settings; administer Regions, Facilities, and Devices; and manage users.
Organization | User | Belongs to the Organization and can be added to lower tiers. Does not have access to anything automatically.
Region | Admin | Can administer Region settings, and manage Facilities and Users within the Region.
Region | User | Belongs to the Region. Does not have access to anything automatically.
Facility | Admin | Can administer Facility settings and manage Devices and Users within the Facility.
Facility | Access Request Approver | Can approve or deny Access Requests to the Facility.
Facility | User | Can have access to Devices in the Facility. Does not have access to anything automatically.
Device | User | Allows access to a device by IP address, port, and protocol.

User Creation

Users may be created in Dispel through the native Privileged Access Management system, or through an integration with a federated identity provider. Dispel supports Okta and Microsoft Active Directory. For more information on how Dispel handles federated authentication, see this article.

Role-Based Access Control: Users & Groups

Dispel allows permissions to be set and scoped down to individual users. It is also common for users to be assigned to a group based on their role in the organization, so that their permissions correspond to that role. This principle is commonly known as Role-Based Access Control.

Request Access Flows: Interwoven IT & OT Security Roles

Once a hierarchy and permissions have been established, standardized process flows within the Dispel platform should be used.

Dispel permissions are designed for IT and OT operational workflows. Typically, IT decides which vendors and employees are approved to request access to environments. IT and/or OT may decide which environments (Regions, Facilities, Devices) those users and groups have access to and at what level.

With the Request Access Flow module, Administrators can select which users at the Facility level are allowed to approve access requests. Typically, the approvers are OT plant managers running day-to-day operations.

Immutable Digital Forensics

User and Administrator—including Owner—activities are logged in the dashboard in an immutable state. Logs provide information on user activity, access requests, sessions, and account changes. These provide a clear record of changes made within the system by all users. Digital forensics are preserved for auditing and accountability and cannot be changed or deleted.

Dashboard event logs operate in addition to remote access system logging and session recordings.
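The three ideas above (roles scoped to a tier, no access granted automatically by membership in a higher tier, and an append-only record of every grant and decision) can be seen together in the following toy model. It is an added illustration written for this article, not Dispel's code or API; the node paths, role names, user names, IP address, and the 'system' actor used for bootstrapping are assumptions made for the example.

```python
"""Toy model of a tiered OT permissions hierarchy (Organization > Region >
Facility > Device) with tier-scoped roles, an access-request flow, and an
append-only event log. Illustration only, not Dispel's implementation."""
from dataclasses import dataclass, field

# Roles that exist at each tier, taken from the permissions table in the article.
TIERS = ("organization", "region", "facility", "device")
ROLES_BY_TIER = {
    "organization": {"admin", "user"},
    "region": {"admin", "user"},
    "facility": {"admin", "approver", "user"},
    "device": {"user"},
}


def tier_of(path):
    """A node is addressed by its path, e.g. ("acme", "north-america", "boston-plant")."""
    if not 1 <= len(path) <= 4:
        raise ValueError("path must have 1 to 4 components")
    return TIERS[len(path) - 1]


@dataclass(frozen=True)
class DeviceAccess:
    """A Device-tier User grant: one IP address / port / protocol tuple."""
    ip: str
    port: int
    protocol: str


@dataclass
class Directory:
    grants: dict = field(default_factory=dict)         # (user, path) -> set of roles
    device_access: dict = field(default_factory=dict)  # (user, device path) -> set of DeviceAccess
    pending: dict = field(default_factory=dict)        # request id -> (user, device path, DeviceAccess)
    events: list = field(default_factory=list)         # append-only audit trail
    _next_id: int = 1

    def _log(self, actor, action, **detail):
        self.events.append({"seq": len(self.events) + 1, "actor": actor, "action": action, **detail})

    def audit_trail(self):
        """Read-only view: callers get copies, never the underlying list."""
        return tuple(dict(e) for e in self.events)

    def roles(self, user, path):
        return self.grants.get((user, tuple(path)), set())

    def can_administer(self, user, path):
        """Admin at a node, or at any ancestor node, administers everything beneath it."""
        path = tuple(path)
        return any("admin" in self.roles(user, path[:n]) for n in range(1, len(path) + 1))

    def bootstrap(self, user, org):
        """Seed the first Organization Admin; only allowed on an empty directory."""
        if self.grants or tier_of(org) != "organization":
            raise PermissionError("bootstrap needs an empty directory and an Organization path")
        self.grants[(user, tuple(org))] = {"admin"}
        self._log("system", "bootstrap", user=user, path=tuple(org))

    def grant(self, actor, user, path, role):
        path = tuple(path)
        if role not in ROLES_BY_TIER[tier_of(path)]:
            raise ValueError(f"{role!r} is not a role at the {tier_of(path)} tier")
        if not self.can_administer(actor, path):
            raise PermissionError(f"{actor} cannot manage users at {path}")
        self.grants.setdefault((user, path), set()).add(role)
        self._log(actor, "grant", user=user, path=path, role=role)

    def can_access_device(self, user, device_path, ip, port, protocol):
        """Only a Device-tier grant confers access; higher-tier membership confers nothing."""
        return DeviceAccess(ip, port, protocol) in self.device_access.get((user, tuple(device_path)), set())

    def request_access(self, user, device_path, ip, port, protocol):
        device_path = tuple(device_path)
        if tier_of(device_path) != "device":
            raise ValueError("access requests target a Device")
        rid, self._next_id = self._next_id, self._next_id + 1
        self.pending[rid] = (user, device_path, DeviceAccess(ip, port, protocol))
        self._log(user, "request", request=rid, path=device_path)
        return rid

    def decide(self, approver, rid, approve):
        """Only an Access Request Approver of the device's Facility may approve or deny."""
        user, device_path, access = self.pending[rid]
        facility = device_path[:3]
        if "approver" not in self.roles(approver, facility):
            self._log(approver, "decision_rejected", request=rid, path=facility)  # record the attempt
            raise PermissionError(f"{approver} is not an Access Request Approver for {facility}")
        del self.pending[rid]
        if approve:
            self.grants.setdefault((user, device_path), set()).add("user")
            self.device_access.setdefault((user, device_path), set()).add(access)
        self._log(approver, "approve" if approve else "deny", request=rid, user=user, path=device_path)


def demo():
    """Walk the Acme Brewing Co. example through the model (all values constructed)."""
    d = Directory()
    org, region = ("acme",), ("acme", "north-america")
    plant, plc = region + ("boston-plant",), region + ("boston-plant", "plc-01")
    d.bootstrap("alice", org)                        # Organization Admin
    d.grant("alice", "bob", plant, "approver")       # OT plant manager who approves requests
    d.grant("alice", "carol", org, "user")           # Organization membership grants no device access
    before = d.can_access_device("carol", plc, "10.0.5.20", 502, "tcp")
    rid = d.request_access("carol", plc, "10.0.5.20", 502, "tcp")
    try:
        d.decide("carol", rid, approve=True)         # requester is not an approver
        self_approved = True
    except PermissionError:
        self_approved = False
    d.decide("bob", rid, approve=True)
    after = d.can_access_device("carol", plc, "10.0.5.20", 502, "tcp")
    other_port = d.can_access_device("carol", plc, "10.0.5.20", 44818, "tcp")
    return {"before": before, "self_approved": self_approved, "after": after,
            "other_port": other_port, "events": len(d.audit_trail())}
```

Running demo() shows the points the article makes: Carol's Organization membership gives her no device access, her own approval attempt is refused and recorded, Bob's approval creates a Device-tier grant limited to the requested IP, port, and protocol, and every step is present in the event trail.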
