Skip to main content
Group Access Windows - Introduction and What Has Changed

The purpose of this document is to provide an overview of the Group Access Window feature functionality.

K
Written by Ken Steck
Updated over 3 months ago

Overview

Group Access Windows is a Level 3 impact feature, which means administrator and user day-to-day usage will change. The purpose of this document is to provide an overview of the Group Access Window feature functionality and provide a brief discussion of what has changed with the launch of this feature.

  • Group Access Windows provide time boxed access to one or more users or groups to any number of system resources as defined by the Access Window. This time-boxed reservation system allows more control over member access to system resources using time windows rather than the existing indefinite access based on member permission levels. In this way, member access can be audited at time intervals that meet customer needs.

  • The Group Access Windows feature allows system administrators to manage access permissions for multiple users more efficiently by using group-based access windows. This feature includes automatic assignment and bulk management functionalities, significantly improving the administrative workflow and simplifying the user interface for end-users.

Specific Benefits for System Administrators

1. Streamlined Management of Access Permissions:

  • Bulk Creation and Management: Administrators can create access windows for an entire group at once, eliminating the need to set up access for each user individually. This bulk action capability reduces time and effort, especially for large groups.

  • Centralized Editing: Any changes made to a Group Access Window are automatically applied to all users within that group. This central point of control minimizes repetitive tasks and ensures consistency across the system.

  • Automatic Assignment: New members added to a group automatically receive the necessary access windows without additional administrative action. This feature simplifies onboarding processes and ensures that all members have the correct permissions from the moment they join the group.

  • Flexible Access Control: Administrators can still manage individual access within a group, allowing for specific overrides when necessary without affecting the entire group's permissions.

2. Enhanced Administrative Efficiency:

  • Reduced Repetitive Tasks: The centralized group-level access management allows administrators to perform updates and changes in one place, which significantly reduces time spent on repetitive tasks.

  • Improved Accuracy: Centralized management helps in maintaining consistent access rules, reducing the risk of errors that can occur when managing individual permissions separately.

3. Enhanced Logging

  • The Group Access Window feature also introduces four new log events and improves the differentiation between a user's access request and an admin creating access for users:

    • Member(s) Added to an Access Window

    • Access Window Disabled

    • Access Window Enabled

    • Create Access (improved to distinguish between user requests and admin creations)

    • Revoke Access


End-User Simplified Experience

1. Clear Visibility of Access Permissions:

  • User-Friendly Interface: The feature integrates a user list within the Access Window page, displaying all users and groups with access. This makes it easy for users to see who else has access and understand their own permissions.

  • Visual Indicators: Clear indicators show which resources users have access to and through which groups these permissions are granted, reducing confusion about resource accessibility.

2. Improved Access Transparency:

  • Access Window Tabs: Each user's profile now includes a tab showing all Access Windows they have permissions for, including those inherited through group memberships. This provides users with a comprehensive view of their access rights.

  • Notifications and Alerts: Users receive notifications when their access changes, either through group modifications or updates to the Group Access Window. This keeps them informed about their current permissions and any changes that might affect their access.

3. Simplified Onboarding and Access Changes:

  • Automatic Access Assignment: Users added to a group immediately gain access to the relevant resources, ensuring they have the necessary permissions without delay. This automatic assignment removes the need for users to request access separately, simplifying their onboarding process.

  • Consistent Access Experience: As access windows are centrally managed, users experience fewer disruptions and more consistent access to the resources they need.


What has changed with introduction of Group Access Windows?

Please note: Users and Administrators should be aware that Group Access Windows will introduce custom naming for access windows. This may slightly alter the way you interact with filtering and searching for access windows on the dashboard.

The previous Admin day-to-day interaction
(before Group Access Windows):

  • Administrators could create access windows for multiple users simultaneously. However, each selected user would still receive an individual access request.

  • Admins could extend or shorten the duration of any access request.

  • Admins had the ability to Approve, Deny, and Revoke access windows.

The new admin day-to-day interface using Group Access Windows:

With the addition of the Group Access Window feature, a new Members tab has been introduced in the third column, enabling the following functionalities:

  • Member Management: Administrators can now add members, organization groups, and facility groups to the current access window.

    • How to Create an Access Window

    • How to Modify the Membership of a Group Access Window

  • Custom Naming: The access window can be given a custom name (optional, defaulting to the user’s email).

    By default, the AW name will be the email of user making the access window, in the screenshot below, that is dev@dispel.io

If your teams are familiar with AWs using the default email address structure, please be aware that custom names may be different and alert your teams to the updated workflow.

  • Group Permission Toggles: Toggles next to groups allow admins to enable or disable specific group permissions for the access window.

    • How to Modify the Membership of a Group Access Window

  • Individual Permission Toggles: Toggles next to individual users allow admins to enable or disable specific user permissions for the access window, independent of group permissions.

    • How to Modify the Membership of a Group Access Window

Users day-to-day Changes with Group Access Windows:

  • Get Access Window immediately when added to a Group that has Access Windows/ are added to Access Windows.

  • An "Access Window" tab is added to the individual user page, groups page, and facility groups page. This tab lists all access windows the user has access to, indicating which of those access windows are granted through group membership.

Did this answer your question?